Os-hackNos 1 Walkthrough

Os-hackNos 1 Walkthrough

  • Network Scanning
  • First, we use netdiscover to find out the machine’s IP

Now that we have the Target Machine IP Let’s scan the target with Nmap

After the scan of all the ports we see that we have the HTTP service (80)

Opening Firefox and navigating to just gives us the default Web page

Without waste our time Now Directory Brute-force with dirb Tool

try directory brute-force dirb GUI version dirbuster with extension txt

After enumerate the directory we see open our browser this link and i see base64 format language code let’s decrypt it

and our output is brain-fuck encode I decrypt the code splitbrain.org web site show in the image

  • username: james
  • password: Hacker@4514

Now login to drupal web-service

After drupal login I go to drupa version check I see drupal running 7.57 version I search google and find the exploit drupalgeddon2 remote code execution now try our exploit metasploit

  • search Drupalgeddon2
  • use exploit/unix/webapp/drupal_drupalgeddon2
  • show option
  • set rhost
  • set targeturi /drupal
  • run
Os-hackNos 1 Walkthrough

To be able to use su and various other features, we need to upgrade the shell using the python module

Os-hackNos 1 Walkthrough

Privilege Escalation

I am first trying SUID Bit check file find command and see an output /usr/bin/wget SUID Bit set

Os-hackNos 1 Walkthrough

I am going /etc/passwd and copy this file our local system and generate a new password with open SSL

After generating our password and paste it passwd file

Os-hackNos 1 Walkthrough

and download the file wget command target system

Os-hackNos 1 Walkthrough

After ls command we root.txt our last flag

Os-hackNos: 1  Walkthrough

Os-hackNos: 1 Walkthrough Author: Rahul Gehlaut more blog here