GrimTheRipper: 1

[ vulnhub  boot2root  walkthrough  ]

Goal

root

Download

https://www.vulnhub.com/entry/grimtheripper-1,350/

Walkthrough

nmap
alt text

default 80
alt text

dirb
alt text

robots shows index2
alt text

index2
alt text

source of index2 reveals a base64 string
alt text

decode twice to find new directory
alt text

new directory shows wordpress
alt text
alt text

wpscan finds a lot of vulns but nothing to get access and one user admin
alt text
alt text

run wpscan brute with rockyou (i split rockyou to multiple files) and password found
alt text
alt text

all links on site direct to 127.0.0.1
alt text

using target redirector from burpe, able to login
alt text
alt text

adding php reverse shell to footer and calling site, reverse shell acquired
alt text
alt text

wordpress is so old, so is the os. easily found kernel exploit
alt text

sploit words, root. no flag though :P
alt text

Written on September 11, 2019
Share on: