unknowndevice64: 2

[ vulnhub  boot2root  walkthrough  ]

Goal

root

Download

https://www.vulnhub.com/entry/unknowndevice64-2,297/

Walkthrough

nmap
alt text

ran detailed nmap for unknown ports
alt text

knowing this is android with debug port 5555 open, we get root and flag quickly by using adb to connect and get shell
alt text

second way to get root we try through web interface on port 12345

authentication required and it was a lot of trial and error

alt text

not elegant, but manually tried some very default username/password combos. turns out to be administrator/password
alt text

before doing automated enumeration we try robots.txt and it’s there
alt text

going to info.php prompts a download
alt text

turns out to be a private ssh key with a comment, most likely key password
alt text

echo the key into a file and change permissions
alt text

ssh using key and password, success
alt text

we know root doesn’t have a password and location of the flag, done
alt text

Written on May 19, 2019
Share on: