Lampiao: 1

[ vulnhub  ctf  walkthrough  ]

Goal

root

Download

https://www.vulnhub.com/entry/lampiao-1,249/

Walkthrough

nmap
alt text

default 80, doesn’t work
alt text

default 80 via telnet
alt text

default 1898, looks like drupal
alt text

a post states node2 isn’t working
alt text

node2 lists two files
alt text

audio.m4a spells out “user tiago”
qrc.png is a qr code and tells us to try harder
alt text

robots.txt lists out a lot
alt text

after much searching, changelog.txt seems interesting…drupalgeddon
alt text

setup metasploit
alt text

reverse shell
alt text

etc passwd shows user tiago
alt text

quick lookup on drupal mysql settings location
alt text

checking default settings
alt text

mysql settings revealed
alt text

try ssh with found password; success
alt text

lots of enumeration and finally went back to os/kernel version…old
alt text

search for dirty cow sploits
alt text

chose this one for stabilitiy based on this comment as it is added automatically
alt text

download and compile sploit
alt text

run sploit and get new root password
alt text

elevate to root and cat flag
alt text

Written on November 27, 2018
Share on: