Pwned-1: Vulnhub Walkthrough
Penetration Testing Methodology
Reconnaissance
- Netdiscover
- Nmap
Enumeration
- Gobuster
Exploiting
- Obtaining SSH private key backup
Privilege Escalation
- Abuse of sysadmin script
- Abuse of Docker Group privileges
- Capture the flag
Walkthrough
Reconnaissance
As always, we identify the host’s IP with the “Netdiscover” tool:
Now we start by listing all the TCP ports with the help of Nmap.
To work more comfortably, I’ll put the IP address in /etc/hosts.
Enumeration
Next, we browse the web service and find information about the hacker “Annlynn” in the page body and in commented lines of the source code.
We ran Gobuster with a medium-sized directory wordlist, specifying the typical file extensions.
We access the directory “/hidden_text” and find a file named “secret.dic”, which contains a list of directory names.
After checking with Gobuster, we saw that only the directory “/pwned.vuln” is available.
Exploiting (user “Ariana”)
We found an exposed administration panel. After trying the typical passwords without success, we checked the source code and found a PHP condition containing some credentials. The user already gives us the clue as to which service to use (FTP).
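From the defender's side, the flaw here is server-side PHP, credentials included, reaching the browser as part of the page source. The check below is an added example, not part of the original walkthrough: it scans a served page body for unexecuted PHP and for variables compared against string literals. It assumes the PHP sat inside an HTML comment; the names audit_response and line_of, the sample page and the EXAMPLE_* values are constructed.

```python
import re

# PHP that reached the browser unexecuted, e.g. left inside an HTML comment.
PHP_BLOCK = re.compile(r"<\?(?:php\b|=)(.*?)(?:\?>|\Z)", re.S | re.I)
# A PHP variable compared with a string literal: $pass == 'value'
LITERAL_COMPARE = re.compile(
    r"""(\$\w+(?:\[[^\]]*\])?)\s*(?:===?|!==?)\s*(['"])(.*?)\2""", re.S)
SENSITIVE = re.compile(r"user|login|pass|pwd|secret|key|token", re.I)


def line_of(text, pos):
    """Return the 1-based line number of character offset pos."""
    return text.count("\n", 0, pos) + 1


def audit_response(body):
    """Return findings for PHP source leaked in a served page body."""
    # Literal values are left out of the findings so the report does not spread them.
    findings = []
    for block in PHP_BLOCK.finditer(body):
        findings.append({"line": line_of(body, block.start()),
                         "issue": "unexecuted PHP in response",
                         "variable": None})
        for cmp_ in LITERAL_COMPARE.finditer(block.group(1)):
            variable = cmp_.group(1)
            if SENSITIVE.search(variable):
                pos = block.start(1) + cmp_.start()
                findings.append({"line": line_of(body, pos),
                                 "issue": "hardcoded credential comparison",
                                 "variable": variable})
    return findings


# Constructed sample page; the user name and password are placeholders.
SAMPLE = """<html><body>
<!--
<?php
if ($_POST['user'] == 'EXAMPLE_USER' and $_POST['pass'] == 'EXAMPLE_PASS') {
    echo "welcome";
}
?>
-->
</body></html>
"""

if __name__ == "__main__":
    for finding in audit_response(SAMPLE):
        print(finding)
```

Run it against the bodies your own pages return before deployment; any finding means the page is shipping source that should only ever execute on the server.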