Vulnhub Five86-1 Walkthrough

Five86-1 Walkthrough

Scanning the host with namp –A –T4 –p- 192.168.12 –vv

Dirb scan dirb http://192.168.1.2 /usr/share/dirb/wordlists/big.txt

The robots.txt have a /ona path, you get to login as guest but you can login as admin:admin, then from the about we can see it’s running OpenNetAdmin version 18.1.1 which in searchsploit have an exploit no. 47772.rb

Copy the exploit to the Metasploit database so we can run it then run the Metasploit

Looking around I could find .htpasswd file in /var/www with the following

So what we have is a username douglas and a hash which we can crack it using a 10 characters  password using crunch

Crunch 10 10 aefhrt > rockyou.txt

Then we run john –wordlist=/root/rockyou.txt thehash.txt

We got it cracked and the password is fatherrrrr , now we login as douglas

Now we have 2 similar ways to deal with this either we copy our id_ras.pub to the host and copy it to jen home directory or we just copy douglas id_ras.pub to jen.

I found a mail in /var/mail addressed to jen

New user moss and password Fire!Fire!

We logged into moss account and in his home we found a .game folder inside it there is a executable file we can run

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s