Monitoring Vulnhub Walkthrough

Monitoring Vulnhub Walkthrough | Monitoring Vulnhub Writeup

In this article we will share another vulnhub machine Monitoring Walkthrough. and it is a very easy box. Credit for making this machine goes to SunCSR Team. you can download here this machine.

Network Scanning

Let’s discover the IP Address of the Machine. for discovering the target IP address we use the Nmap ping scan.

We found the target’s IP Address 192.168.43.152. and our next step is to scanning open ports target machine by using the Nmap tool.

we performed a Nmap scan for OS detection, version detection, and we see many ports are open target machine.

Enumeration

For more details, we will need to start enumeration against the target machine. Therefore, we will navigate to a web browser for exploring HTTP service. landing page not give useful information. since we see in Nmap scan Http-title: Nagios XI

Let’s explore the /nagiosxi log in page URL and here we try some common password like admin-admin, admin-password, admin-root but we couldn’t log in with cms and again I try to log in and try the default username nagiosadmin and we will log in with cms panel.

Monitoring Vulnhub Walkthrough

Exploitation

we search exploit for Nagios XI and we found an authenticated_rce exploit. let’s load the msfconsole and load the exploit nagios_xi_authenticated_rce.

Monitoring Vulnhub Walkthrough

After run the exploit we got a meterpreter connection target machine let’s run the shell command for the bash shell environment.

now we have proper root shell. let’s move the /root directory and read our final root flag.

Monitoring Vulnhub Walkthrough

StarWars Vulnhub Walkthrough link