MISDIRECTION: 1 machine crack

So let’s start. I think everybody knows about VulnHub (if anybody doesn’t, try exploring this blog: https://medium.com/@gavinloughridge/a-beginners-guide-to-vulnhub-part-1-52b06466635d)

The machine was released on 24 Sep 2019 (here is the link: https://www.vulnhub.com/entry/misdirection-1,371/)

Difficulty Level: Beginner-intermediate

Learning: Abuse /etc/passwd file | Privilege Escalation

This is a boot to root challenge.

So let’s start;

I downloaded it from VulnHub, but it was unable to connect to my NAT network (I use VMware).

Let us start hacking!

Run this simple command in your terminal: arp-scan -l

After that, we see there is an IP address (192.168.50.149) where my vulnerable VM is running.

I want to know which services are running on that machine. For that I use Nmap.

Here we see that port 80 was open, which means a web service was running. Port 8080 was also open.

Just type the IP in your web browser.

After that I fired up FFUF (you can use any tool) for directory enumeration.

Here I found 3 directories… admin seems like it has something in it…

But sadly I didn’t find anything…

After enumerating several directories and the source code… I didn’t get anything.

But I realized that port 8080 was also open… let’s visit it… maybe I will find something…

It looks like the default Apache page… let’s fire up FFUF for directory enumeration.

Here I got several directories and visited all of them manually, but when I visited the “debug” directory I found something unusual.

It seems like there was a virtual shell running on it…

So I suddenly tried to get a reverse shell;

I got it…

It’s time to try to get a TTY shell (🤣 but I didn’t use Python).

After that I tried to escalate privileges, so I typed “sudo -l”.

Here it shows this user can switch to the brexit user without any password… so let’s try that.

And I successfully switched my user…

Once again, I tried to escalate privileges, so I typed “sudo -l”, but I did not get anything.

So after that, I tried to enumerate different things on that machine.

And I found something strange… this user has permission to write to the /etc/passwd file…

Let’s abuse that… 😎
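A writable /etc/passwd like the one found above is a misconfiguration that a host audit should catch. The following is an added example, not part of the original writeup: it flags passwd entries that have UID 0 under a name other than root or that store a hash in the password field, and it flags ownership or mode bits that let a non-root user edit the file. The sample entries and the function names audit_passwd_text and audit_mode are constructed for illustration.

```python
import os
import stat

# Constructed sample of a tampered passwd file (not taken from the target VM).
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
brexit:x:1000:1000:brexit:/home/brexit:/bin/bash
svc:$6$CONSTRUCTEDSALT$CONSTRUCTEDHASH:0:0::/root:/bin/bash
"""
LOCKED = {"x", "*", "!", "!!"}  # placeholders: hash lives in /etc/shadow or login is locked


def audit_passwd_text(text):
    """Return (line_no, finding, detail) tuples for suspicious passwd entries."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7:
            findings.append((n, "malformed", line))
            continue
        name, pw, uid = fields[0], fields[1], fields[2]
        if uid == "0" and name != "root":
            findings.append((n, "extra-uid0", name))
        if pw == "":
            findings.append((n, "empty-password", name))
        elif pw not in LOCKED:
            findings.append((n, "hash-in-passwd", name))
    return findings


def audit_mode(st_mode, st_uid, st_gid=0):
    """Flag ownership or permission bits that let non-root users edit the file."""
    findings = []
    if st_uid != 0:
        findings.append("owner-not-root")
    if st_mode & stat.S_IWOTH:
        findings.append("world-writable")
    if st_mode & stat.S_IWGRP and st_gid != 0:
        findings.append("group-writable")
    return findings


if __name__ == "__main__":
    for finding in audit_passwd_text(SAMPLE_PASSWD):
        print("entry:", finding)
    st = os.stat("/etc/passwd")
    print("file:", audit_mode(st.st_mode, st.st_uid, st.st_gid) or "ok")
```

On a healthy system /etc/passwd is owned by root with mode 0644, so the file check prints "ok".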

I hope you learned something new from my writeup.

I hope you try to forget my grammar mistakes…

Thanks for reading my blog..


I am a noob who is always ready to help you in a different way.
