My File Server: 1 Walkthrough Vulnhub CTF


This is a new walkthrough for a Vulnhub machine, My File Server: 1. This CTF machine was created by Akanksha Sachin Verma. You can download this CTF here.

Netdiscover can be used to discover all the IP addresses.


Scan the target IP with a basic Nmap scan, using the -p parameter to scan all ports.


The Nmap scan is complete, and the target has many open ports: 21 ftp, 22 ssh, 80 http, 445 smb, etc.

Enumeration

After reading the scan results, I go for the http service first. In the browser, I see an H2 heading.

A simple scan with Nikto shows a /readme.txt file.


The Nikto scan found a readme.txt file. I open the file in the browser and see a message in readme.txt (My Password is rootroot1).

Smbmap

SMBMap allows users to enumerate samba share drives across an entire domain. List share drives, drive permissions, share contents,

  • username: smbuser
  • password: rootroot1

I try this username and password over SSH and get a public key error message.

Generate a new SSH authorized_keys file.


Log in over FTP with the same username and password:

  • username: smbuser
  • password: rootroot1

Create a .ssh directory.

Upload the public key to the target's home directory, using the put command to upload authorized_keys.


Log in over SSH again; this time the login succeeds without a password.
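From the defender's side, the authorized_keys upload described above is visible in the FTP transfer log. The following is an added example, not part of the original walkthrough: it flags FTP uploads that land inside any .ssh directory, assuming the FTP server writes the standard xferlog format. The log lines are constructed samples and the function names are hypothetical.

```python
import posixpath

# Constructed sample in the standard xferlog layout (not taken from the target).
SAMPLE_LOG = """\
Thu Feb 20 10:11:40 2020 1 192.0.2.10 1024 /home/smbuser/notes.txt b _ o r smbuser ftp 0 * c
Thu Feb 20 10:12:01 2020 1 192.0.2.10 398 /home/smbuser/.ssh/authorized_keys b _ i r smbuser ftp 0 * c
Thu Feb 20 10:13:15 2020 1 192.0.2.44 2048 /home/smbuser/backup/authorized_keys b _ i r smbuser ftp 0 * c
Thu Feb 20 10:14:02 2020 1 192.0.2.10 398 /.ssh/authorized_keys b _ i r smbuser ftp 0 * i
truncated or garbage line
"""


def parse_xferlog(line):
    """Split one xferlog line into named fields; return None if malformed."""
    f = line.split()
    if len(f) != 18:  # 5 date tokens + 13 transfer fields
        return None
    return {
        "time": " ".join(f[0:5]),
        "remote_host": f[6],
        "path": f[8],
        "direction": f[11],  # i = incoming (upload), o = outgoing (download)
        "user": f[13],
        "status": f[17],     # c = complete, i = incomplete
    }


def find_ssh_dir_uploads(lines):
    """Return records for FTP uploads that landed inside any .ssh directory."""
    alerts = []
    for line in lines:
        rec = parse_xferlog(line)
        if rec is None or rec["direction"] != "i":
            continue
        parts = posixpath.normpath(rec["path"]).split("/")
        # Only directory components count; incomplete uploads are kept too,
        # since a partial write can still leave a file behind.
        if ".ssh" in parts[:-1]:
            alerts.append(rec)
    return alerts


if __name__ == "__main__":
    for a in find_ssh_dir_uploads(SAMPLE_LOG.splitlines()):
        print(f'{a["time"]} {a["remote_host"]} {a["user"]} -> {a["path"]} ({a["status"]})')
```

The same condition can be prevented rather than detected by pointing sshd's AuthorizedKeysFile at a root-owned path outside any FTP-writable home directory.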

The target's kernel version is vulnerable. I searched Google for an exploit and found Linux Kernel 2.6.22 < 3.9 (x86/x64) – ‘Dirty COW /proc/self/mem’ Race Condition Privilege Escalation.

After downloading the exploit, we need to compile the C file into an executable.

Add executable permission to the exploit.

This is the last step: run the exploit.
