MISDIRECTION: 1 machine crack

lone_wolf
Dec 23, 2020

So let’s start. I think everybody knows about VulnHub (if anybody doesn’t, try exploring this blog: https://medium.com/@gavinloughridge/a-beginners-guide-to-vulnhub-part-1-52b06466635d)

The machine was released on 24 Sep 2019 (here is the link: https://www.vulnhub.com/entry/misdirection-1,371/)

Difficulty Level: Beginner-intermediate

Learning: Abuse /etc/passwd file | Privilege Escalation

This is a boot to root challenge.

So let’s start;

I downloaded it from VulnHub, but it was unable to connect to my NAT network (I use VMware).

Let us start hacking!

Run this simple command in your terminal: arp-scan -l

After that, we see there is an IP address (192.168.50.149) where my vulnerable VM is running.

I wanted to know which services were running on that machine. For that I used Nmap.

Here we see that port 80 was open, which means a web service was running. Port 8080 was also open.

Just type the IP in your web browser.

After that I fired up FFUF (you can use any tool) for directory enumeration.

Here I found 3 directories… admin seems like it has something in it…

But sadly I didn’t find anything…

After enumerating several directories and source-code … I didn’t get anything.

But I realized that port 8080 was also open… let’s visit it… maybe I will find something…

It looks like the default Apache page… let’s fire up FFUF for directory enumeration.

Here I got several directories and manually visited all of them, but when I visited the “debug” directory I found something unusual.

It seems like there was a virtual shell running on it…

So I suddenly tried to get a reverse shell.

I got it…

It’s time to try to get a TTY shell (🤣 but I didn’t use Python).

After that I tried to escalate privileges, so I typed “sudo -l”.

Here it shows this user can switch to the brexit user without any password… so let’s try that.

And I successfully switched user…

Once again, I tried to escalate privileges, so I typed “sudo -l”, but I did not get anything.

So, after that, I tried to enumerate different things on that machine.

And I found something strange: this user has permission to write to the /etc/passwd file…

Let’s Abuse that…😎
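From the defender's side, the misconfiguration found above can be audited with a short script. This is an added example, not part of the original writeup: the function names and the sample passwd content are constructed for illustration, and it generalizes slightly by also flagging entries that indicate the file has already been tampered with.

```python
import os
import stat

SAFE_PW_FIELDS = {"x", "*", "!"}  # shadowed or locked; anything else is suspicious

def mode_findings(uid, gid, mode):
    """Reasons a file with this owner/group/mode is writable by someone other than root."""
    reasons = []
    if uid != 0:
        reasons.append(f"owned by uid {uid}, not root")
    if mode & stat.S_IWGRP and gid != 0:
        reasons.append(f"group-writable by gid {gid}")
    if mode & stat.S_IWOTH:
        reasons.append("world-writable")
    return reasons

def passwd_findings(text):
    """Entries that suggest /etc/passwd was edited to grant access."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7:
            findings.append((lineno, "malformed entry"))
            continue
        name, pw, uid = fields[0], fields[1], fields[2]
        if uid == "0" and name != "root":
            findings.append((lineno, f"{name}: UID 0 but not root"))
        if pw == "":
            findings.append((lineno, f"{name}: empty password field"))
        elif pw not in SAFE_PW_FIELDS:
            findings.append((lineno, f"{name}: password hash stored in passwd"))
    return findings

# Constructed sample, not taken from the target machine.
SAMPLE = """root:x:0:0:root:/root:/bin/bash
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
brexit:x:1000:1000::/home/brexit:/bin/bash
svc:HASHPLACEHOLDER:0:0::/root:/bin/bash
"""

if __name__ == "__main__":
    for path in ("/etc/passwd", "/etc/shadow", "/etc/sudoers"):
        if os.path.exists(path):
            st = os.stat(path)
            for reason in mode_findings(st.st_uid, st.st_gid, stat.S_IMODE(st.st_mode)):
                print(f"{path}: {reason}")
    with open("/etc/passwd") as fh:
        for lineno, msg in passwd_findings(fh.read()):
            print(f"/etc/passwd line {lineno}: {msg}")
```

Any output for /etc/passwd means the file should be reset to root:root with mode 0644 and its entries reviewed.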

I hope you learn something new from my writeup.

I hope you try to forget my grammar mistakes…

Thanks for reading my blog..
