KB-VULN 1 Vulnhub Walkthrough

Today we are going to solve another boot2root challenge called KB-VULN 1.  It’s available at Vulnhub for penetration testing. This is an easy level machine.  and this VM is created by MachineBoy. you can download here this Machine link for solving this machine enumeration is key.

Description

ENUMERATION ENUMERATION and ENUMERATION! This VM is running on VirtualBox. And has 2 flags:user.txt and flag.txt. This works better with VirtualBox rather than VMware.

Network Scanning

Always we started network scanning we identified our target using the netdiscover tool.

After getting the target IP address our next step is scanning all ports and service target and find vulnerable ports and services.

Enumeration

We can see above that port 80/HTTP is open on the target machine on which the HTTP service is running. Let’s explore the target IP in the browser.

now we starting enumeration checking page source code and common server file robots.txt and we found interesting #teachers-section and username: sysadmin.

previous we found a username sysadmin and we try this username as ssh username and password brute-forcing using hydra.

After the 15-second target password is cracked successfully now we log in with sysadmin username and password is ( password1 )

Privilege Escalation

now it’s time to get the privileges to root user I ran the find command for finding all ( read, write, executable ) file in / directory and again we found interested file update-motd.d/00-header have full permission.

we can run any Linux command as the root user using the echo command I add a Linux command for changing find command permission setting SUID Bits.

Getting root Access

our privilege escalation setup is complete now we again re-login the ssh server and then execute the privilege escalation command.

final step is move the /root directory and get the root Flag.

How to Create a Facebook Phishing page read more