sunset: dawn

[ vulnhub  boot2root  walkthrough  ]

Goal

root

Download

https://www.vulnhub.com/entry/sunset-dawn,341/

Walkthrough

nmap
alt text

default 80…nothing
alt text

dirb finds a log folder…only one is accessable
alt text
alt text

log shows that some folders are being monitored
alt text

enum4linux shows an interesting share and usernames
alt text
alt text
alt text

connecting to smb share we can write to it
alt text

got lost for some time as i couldn’t find anything. i rebooted the system and noticed the management.log grew in size…hmmmm

updated management log shows some processes are continually happening
alt text

created reverse shell file named web-control since it was being referenced in the log. setup listener and we have low priv access
alt text

we can sudo sudo with no password…and we have root
alt text

and root flag
alt text

Written on September 6, 2019
Share on: