BSides Vancouver: 2018

[ vulnhub  boot2root  walkthrough  ]

Goal

uid=0(root) gid=0(root) groups=0(root)

Download

https://www.vulnhub.com/entry/bsides-vancouver-2018-workshop,231/

Walkthrough

nmap

FTP allows anonymous access

a downloadable list shows possible user accounts

default webpage

dirb

robots.txt

WordPress instance

enumerate users using wpscan

use wfuzz to find the password for john

WordPress admin access granted using john

add reverse shell to footer.php

low privilege reverse shell

/etc/passwd confirms the list of users

the ssh config file shows that all users except anne use a public key
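
A defender-side check for the finding above, added here and not part of the original walkthrough: it reads an sshd_config and reports every scope where password login is still enabled, which is the one account a password-guessing tool can reach. It assumes the exception is written as a `Match User` block overriding a global `PasswordAuthentication no`; the walkthrough does not show the file, so the sample config and the function names are constructed.

```python
# Constructed sample sshd_config; the walkthrough does not show the real file.
SAMPLE = """\
# keys only by default
PubkeyAuthentication yes
PasswordAuthentication no

Match User anne
    PasswordAuthentication yes
"""


def password_auth_scopes(config_text):
    """Return (global_value, {match_criteria: value}) for PasswordAuthentication."""
    global_value = None
    scoped = {}
    scope = None  # None while in the global section, else the Match criteria
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # Keyword and argument are separated by whitespace or a single "=".
        parts = line.replace("=", " ", 1).split(None, 1)
        if len(parts) < 2:
            continue
        keyword, value = parts[0].lower(), parts[1].strip()
        if keyword == "match":
            scope = value
        elif keyword == "passwordauthentication":
            value = value.lower()
            if scope is None:
                if global_value is None:  # sshd keeps the first value it reads
                    global_value = value
            else:
                scoped.setdefault(scope, value)
    # OpenSSH enables password authentication when the keyword is absent.
    return global_value or "yes", scoped


def findings(config_text):
    """List every scope in which password login is still possible."""
    global_value, scoped = password_auth_scopes(config_text)
    out = []
    if global_value == "yes":
        out.append("global: password login enabled")
    out += [f"Match {c}: password login enabled"
            for c, v in scoped.items() if v == "yes"]
    return out


if __name__ == "__main__":
    for finding in findings(SAMPLE):
        print(finding)
```

Any account it lists is protected only by its password, so it needs a strong one or should be moved to key-only login like the rest.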

use hydra against ssh

ssh as anne with the found password

sudo gives root privileges & flag

Written on June 18, 2018