Sumo Vulnhub Walkthrough

In this article, we play another VulnHub box: Sumo, created by the SunCSR Team. This VM is beginner level; you can download it here: sumo: 1 CTF

Goal

Get a root shell (i.e. root@localhost:~#) and then obtain the flag under /root.

Network Scanning

First we discover our target IP address using the netdiscover tool.

Now that we have our target IP address, our next step is scanning the target machine's ports and services using an nmap aggressive scan (-A).

Enumeration

Two ports are open on our target: 22 (SSH) and 80 (HTTP). For enumeration, we open a web browser to explore the HTTP service.

At this point we have no clue what to do next, so we choose the Nikto web vulnerability scanner.

After completing the Nikto scan, we find the directory /cgi-bin/test, and this directory is vulnerable to the Shellshock exploit. Before executing the curl command, we first start our netcat listener.
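
From the defender's side, a Shellshock request like the one against /cgi-bin/test leaves a recognizable string in the web server's access log. The following is an added example, not part of the original walkthrough: it scans Apache combined-format log lines for bash function-definition strings. The function name, the sample log lines, and the priority labels are assumptions made for illustration.

```python
import re

# Apache "combined" format: host ident user [time] "request" status size "referer" "agent"
QUOTED = r'"((?:[^"\\]|\\.)*)"'
LOG_RE = re.compile(
    r'^(\S+) \S+ \S+ \[([^\]]+)\] ' + QUOTED + r' (\d{3}) \S+ ' + QUOTED + ' ' + QUOTED + r'$'
)
# Vulnerable bash imports an environment value that starts with "() {" as a
# function definition. The pattern is deliberately loose about whitespace.
FUNC_DEF_RE = re.compile(r'\(\s*\)\s*\{')

# Constructed sample lines (documentation IP ranges, made-up timestamps).
SAMPLE_LOG = [
    '192.0.2.10 - - [10/May/2020:10:00:01 +0000] "GET / HTTP/1.1" 200 177 "-" "Mozilla/5.0 (X11; Linux x86_64)"',
    '192.0.2.10 - - [10/May/2020:10:02:13 +0000] "GET /cgi-bin/test HTTP/1.1" 200 14 "-" "() { :; }; echo; echo probe"',
    '198.51.100.7 - - [10/May/2020:10:05:40 +0000] "GET /index.html HTTP/1.1" 404 208 "() { :; }; echo probe" "curl/7.68.0"',
    '192.0.2.10 - - [10/May/2020:10:06:00 +0000] "GET /cgi-bin/test HTTP/1.1" 200 14 "-" "curl/7.68.0"',
]

def find_shellshock_attempts(lines, cgi_prefix="/cgi-bin/"):
    """Return one finding per log line that carries a function-definition string."""
    findings = []
    for lineno, line in enumerate(lines, 1):
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # not combined format; skipped in this example
        host, _when, request, status, referer, agent = m.groups()
        fields = {"request": request, "referer": referer, "agent": agent}
        hits = [name for name, value in fields.items() if FUNC_DEF_RE.search(value)]
        if not hits:
            continue
        parts = request.split()
        path = parts[1] if len(parts) >= 2 else ""
        cgi = path.startswith(cgi_prefix)
        findings.append({
            "line": lineno, "host": host, "path": path, "fields": hits,
            "status": int(status), "cgi": cgi,
            # A CGI script answering 200 means bash may actually have run.
            "priority": "high" if cgi and status == "200" else "low",
        })
    return findings

if __name__ == "__main__":
    for finding in find_shellshock_attempts(SAMPLE_LOG):
        print(finding)
```

The combined format records only the request line, Referer, and User-Agent, so a function-definition string sent in any other header will not appear in these logs. Updating bash on the server removes the underlying flaw.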

After executing the curl command, we have a reverse shell on the target machine. We try to find a SUID binary but fail, so we run the uname -r command, which shows the target machine's kernel version.

This kernel version is vulnerable to the 'perf_swevent_init' Local Privilege Escalation. We move to the /tmp directory and download the exploit.

Then we compile the exploit, but at compile time we see an error: gcc: error trying to exec ‘cc1’ : execvp:

Now we have a big problem: after compiling the exploit, our VM crashes. We then create a Linux meterpreter reverse payload and use the wget command to download this payload to the target machine's /tmp directory.

Then we run msfconsole, load the multi/handler module, and set up a listener for the Linux meterpreter payload.

With our Metasploit listener started, we add permissions to our payload and then execute our payload using the command

Again we go to the /tmp directory, recompile the exploit, add read, write, and execute permissions for all users, and run the exploit.

Our exploit runs successfully and we get a root shell on the target machine, so let's move to the /root directory and read our root.txt flag.