Open in app

Sign in

Write

Sign in

LIN SECURITY: 1 Machine crack

lone_wolf
3 min readDec 9, 2020

So let's start; I think everybody knows about vulnhub(if anybody didn’t know,try to explore is blog:https://medium.com/@gavinloughridge/a-beginners-guide-to-vulnhub-part-1-52b06466635d)

The machine was released on 11 Jul 2018(Here is the link: https://www.vulnhub.com/entry/linsecurity-1,244/)

Difficulty Level: Beginner

Learning: crack hash|Privilege Escalation

This is a boot to root challenge.

So let’s start;

I download it from vulhub;but it was unable to connected to my NAT network(i use VMWARE)

But when i open,it give me terminal, where i type machine credentials and enter the box..(but here the question how i get the machine credentials)

While Download this, i saw here creator of the machine give some credentials,so I use that credentials and successfully enter into machine😎

while enumerating machine, i know that 3 user present inthat box. And our goal was to try to login with every user after that get root shell.

Here I am logging with bob. So it’s time get Privilege Escalation that machine. for that i enter simple command (sudo -l) ,for knowing which file/program have the root user power .but after that when the result comes out ,i was totally shocked because ,it shows lot’s of program /file are vulnerable .😥

Here I just Abuse the bash command and get root power. by typing “sudo /bin/bash”

As earlier i said 3 user present in that box, and our goal was to get root shell from every user…. so i try to enumerate other user credentials , and i got somethings juicy.

Here i get susan user value, it’s time to switch the user😁😎

I try to esclate the Privilege Escalation, but i faild.

But when I type “cat /etc/passwd” , I was totally shocked I was able to read another user password hash.

So it’s time to open john , and crack that hash🤗

After that type ( john — wordlist:rockyou.txt k)

And i get Decreyt password =(insecurity:P@ssw0rd:0:0::/:/bin/sh)

so Its time to switch the user .. i get the root shell.

I hope you enjoy my post…please forget my English mistake,….

Thank you for reading my Post….be happy and always have Tryharder attitude.

--

--

lone_wolf

Written by lone_wolf

40 Followers

I am a noob , who always ready to help you in a different way.

Help

Status

About

Careers

Blog

Privacy

Terms

Text to speech

Teams