Vulnhub TR0LL Walkthrough

Before I begin, this machine is definitely a troll.

Let's scan the host with nmap and see what information we get about its open ports.

nmap -A -T4 -p- -vv

dirb came up with /secret

I ran cat, strings and exiftool on both of the pictures but came up with nothing.

Next, let's try to connect to the FTP service, as nmap says it allows anonymous login.

After logging in, I listed the files, found a lol.pcap file and retrieved it.

Viewing the file with tcpick -C -yP -r lol.pcap, I found a path: sup3rs3cr3tdirlol

Visiting the path gave us a new file to download, roflmao. It's an executable file; I ran strings on it and found some information inside it, but what we need from it is another path: 0x0856BF

Inside the directory are two folders, each containing a text file: one with the passwords and another with a username.

Downloaded the two files, Pass.txt and which_one_lol.tx, and used Hydra.

The username overflow worked with the password (Pass.txt), BUT trying to log in was very hard, as the host keeps blocking the login, sometimes crashing, and weird things happen while logging in.
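From the defender's side, a run of failed logins followed by a success for the same account and source is the trace this kind of password guessing leaves. The script below is an added example, not part of the original walkthrough: it assumes the guessed service is SSH logging in the usual OpenSSH auth.log format (the page does not say which service), and the hostname, IP addresses, timestamps and the maint account in the sample are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in OpenSSH auth.log format (hostname, IPs and times are made up).
SAMPLE_LOG = """\
Aug 14 09:58:40 troll sshd[1190]: Failed password for maint from 198.51.100.7 port 51000 ssh2
Aug 14 09:59:02 troll sshd[1192]: Accepted password for maint from 198.51.100.7 port 51002 ssh2
Aug 14 10:00:01 troll sshd[1201]: Failed password for overflow from 192.0.2.10 port 40001 ssh2
Aug 14 10:00:03 troll sshd[1203]: Failed password for overflow from 192.0.2.10 port 40003 ssh2
Aug 14 10:00:05 troll sshd[1205]: Failed password for overflow from 192.0.2.10 port 40005 ssh2
Aug 14 10:00:07 troll sshd[1207]: Failed password for overflow from 192.0.2.10 port 40007 ssh2
Aug 14 10:00:09 troll sshd[1209]: Failed password for overflow from 192.0.2.10 port 40009 ssh2
Aug 14 10:00:11 troll sshd[1211]: Failed password for overflow from 192.0.2.10 port 40011 ssh2
Aug 14 10:00:13 troll sshd[1213]: Accepted password for overflow from 192.0.2.10 port 40013 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\ssshd\[\d+\]:\s"
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def find_guessing(log_text, threshold=5, window=timedelta(minutes=1), year=2024):
    """Return sorted (ip, user, peak_failures_in_window, later_success) tuples."""
    failures = defaultdict(list)  # (ip, user) -> timestamps of recent failures
    alerts = {}                   # (ip, user) -> [peak failure count, later success?]
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        # Syslog timestamps carry no year, so one is assumed for parsing.
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        key = (m["ip"], m["user"])
        if m["result"] == "Failed":
            failures[key] = [t for t in failures[key] if ts - t <= window] + [ts]
            if len(failures[key]) >= threshold:
                entry = alerts.setdefault(key, [0, False])
                entry[0] = max(entry[0], len(failures[key]))
        elif key in alerts:
            alerts[key][1] = True  # a login was accepted after the burst of failures
    return sorted((ip, user, n, ok) for (ip, user), (n, ok) in alerts.items())

if __name__ == "__main__":
    for ip, user, n, ok in find_guessing(SAMPLE_LOG):
        print(f"{ip} -> {user}: {n} failures in window, later success: {ok}")
```

The single mistyped password for maint stays below the threshold and is not flagged; only the burst against overflow that ends in an accepted login is reported.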

Let's find out what the host kernel and version are and exploit that.

OK, now that we have this information, let's search for an exploit using searchsploit on our machine.

Now let's copy the file to the host machine, using SimpleHTTPServer on our machine and wget on the host machine to copy the file into the tmp folder.

Now compile the file with any name and run it

As you can see, we got a root shell and changed directory to /root, where there is a file named proof.txt. View it and that's it.
