symfonos 5 walkthrough Vulhub CTF

Today we are solving symfonos 5 walkthrough Vulhub CTF

symfonos VM is made by Zayotic. This VM is a purposely built vulnerable lab with the intent of gaining experience in the world of penetration testing. symfonos 5 walkthrough

It is of Beginner real-life based and is very handy in order to brush up your skills as a penetration tester.

Network Scanning

identifies the target IP address we will initiate with netdiscover.

advance network scanning using the Nmap Aggressive scan. All port and services.

We see the target system port 21 ssh, 80 HTTP, 389 LDAP, service is running.

we got the port 80 open, we decided to open the IP address in the web browser.

I am adding our target VM IP Address our /etc/hosts file symfonos.server

Directory Bruteforcing

we chose DIRB for directory brute force attack finding server all directory

After brute-forcing the directory we see a admin.php directory now open the directory any web browser

I am using firefox and I see the simple login page I tried password brute burp suite but no correct credential found i try to open home directory but the home page is redirecting admin page

I try to open home page source code Using curl tool get the target home page source code

we see the home.php URL is redirecting localhost php file

Try LFI with curl tool

We see the target passwd mean target is vulnerable LFI

Try reading source code admin.php file

we got an LDAP username and password

I run the Nmap script to login with username and password

try to log in the credentials ssh connection

userPassword: cetkKf4wCuHC9FET
mail: zeus@symfonos.local

  • username: zeus
  • password: cetkKf4wCuHC9FET

Privilege Escalation

run sudo -l to check for commands that can run as sudo. It looks like dpkg can run as sudo.

So after rummaging the internet, we find out some information about building packages with fpm

After generating dpkg file download the target /tmp directory I star our Simple python server and wget to download the file target system

I run the dpkg package and our shell is changed normal user to root user

Next Walkthrough Os-hackNos-4 Walkthrough see here
Exit mobile version