Matrix: 1

[ vulnhub  boot2root  walkthrough  ]

Goal

root flag

Download

https://www.vulnhub.com/entry/matrix-1,259/

Walkthrough

nmap
alt text

default 80
alt text

default 31337
alt text

source 31337
alt text

decode string found in burp
alt text

guessed at using last part as a file name and it downloads
alt text

checking file, looks like brainfuck
alt text

decoded gives partial password for guest
alt text

wrote python script to generate random 2 characters and add to end of known password
alt text

generated a text file with lots of possibilities and ran with hydra
alt text

ssh using found password; looks like a restricted shell
alt text

tried the usual jail breaks, but failed
alt text

seems that vi jail break works but with limited commands
alt text

alt text

updated with a regular path and commands now work normally
alt text

see what sudo says; we can run all commands and get root lolz
alt text

root flag
alt text

Written on November 8, 2018
Share on: