It’s October: 1 Walkthrough Vulnhub

It’s October: 1 Walkthrough Vulnhub | It’s October: 1 Writeup Vulnhub

In Hello followers. Today’s article will be a vulnhub walkthrough for one of the newly published vulnerable machines on the “Vulnhub” website. The machine name is It’s October: 1 and you can download it from the link

Description

This boot to root VM is designed for testing your pen-testing skills and concepts. It consists of some well-known things but it encourages you to use the functionalities rather than vulnerabilities of the target.

Network Scanning

First We scan our local network using netdiscover arp scanning

It’s October: 1 Walkthrough Vulnhub | It’s October: 1 Writeup Vulnhub

The second step is to scan for all open ports on that machine to start enumerating the services running on the opened ports.

It’s October: 1 Walkthrough Vulnhub | It’s October: 1 Writeup Vulnhub

I found that the machine has only four opened ports 22 SSH, 80 HTTP, 3306 MySQL, and 8080 http tomcat apache server

Enumeration

I start surfing the hosted website on the HTTP port (port 80) and I found October cms blog

i go to next step enumeration the port 8080 and here I found something useful file mynote.txt

It’s October: 1 Walkthrough Vulnhub | It’s October: 1 Writeup Vulnhub

i open the mynote.txt file and we see an username and password

i put the credential for login october cms admin dashboard and I successfully login using this password

  • username: admin
  • password: adminadmin2
It’s October: 1 Walkthrough Vulnhub | It’s October: 1 Writeup Vulnhub

Explotation

I open the cms tab and click the add button and go to the code section I create an onstart function reverse shell using this command

It’s October: 1 Walkthrough Vulnhub | It’s October: 1 Writeup Vulnhub

After step the reverse shell now I start our netcat payload listener on port 4545

calling our shell using curl

and we got a reverse connection target machine but the shell is blank now adding a tty shell using python3 spawn shell

It’s October: 1 Walkthrough Vulnhub | It’s October: 1 Writeup Vulnhub

Now we have a proper bash shell target machine I enumeration the entire machine but I didn’t find and useful file

so I run the find command for finding suid bits file

It’s October: 1 Walkthrough Vulnhub | It’s October: 1 Writeup Vulnhub

this result is gave me out many binary files but I focus on python3 binary file

Privilege Escalation

I create a one liner python privilege escalate code using the following command

and we have a root shell target machine I move on root directory and here I found our final flag proof.txt

It’s October: 1 Walkthrough Vulnhub | It’s October: 1 Writeup Vulnhub
InfoSecWarrior CTF: 1 Vulnhub Walkthrough link