Fristileaks:1.3 Walkthrough


Well, it’s been a while since I last wrote a blog post. After a gap of almost 6 months, today I played with the #Fristileaks box from Vulnhub (well, I had been trying it for a while but couldn’t finish it due to work), and it was worth tweaking. You can download #Fristileaks from here.

As usual, I scanned my network for the target’s IP and found that “10.0.2.22” is my target. Next, I scanned it with Nmap to find all the open ports and running services.

nmap scanning

It’s always better to run #nikto if HTTP/HTTPS is running on the target.

I found out there are 3 files with the names cola, sisi and beer, but I could not get anything out of them. During enumeration, I thought: the name of the machine is #Fristileaks, so why not use this name to find any files? And damn, it works.

After looking into the source code, I found that the username is eezeepz, and for the password, I converted the base64 encoding into an image and got the hit.

base64 to image decode

I used this username and password to log in to the machine and was welcomed by this:

Let’s upload a shell to get reverse access; I used this. I changed the reverse handler IP and port. After uploading it in .php format, I got an error that only image formats can be uploaded. Just adding .png after my .php shell gave me a reverse shell.

reverse shell
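The step above works because the upload form accepts any name that ends in an image extension. The following is an added example, not code from this post or from the target application, of a server-side check that rejects such a name by inspecting every extension and the file's magic bytes. The function name, the extension list and the sample uploads are assumptions made for illustration.

```python
import os
import uuid

# Magic-byte signatures for the image types the form is meant to accept.
IMAGE_SIGNATURES = {
    "png": b"\x89PNG\r\n\x1a\n",
    "jpg": b"\xff\xd8\xff",
    "gif": b"GIF8",
}
# Extensions a web server may map to an interpreter (assumed list; match it to the server config).
EXECUTABLE_EXTS = {"php", "php3", "php4", "php5", "phtml", "phar", "cgi", "pl", "py", "sh"}


def validate_upload(filename, data):
    """Return (ok, reason, stored_name); stored_name is server-generated on success."""
    base = os.path.basename(filename.replace("\\", "/"))
    parts = base.lower().split(".")
    if len(parts) < 2 or not parts[0]:
        return False, "missing name or extension", None
    exts = parts[1:]
    final = "jpg" if exts[-1] == "jpeg" else exts[-1]
    if final not in IMAGE_SIGNATURES:
        return False, "final extension is not an allowed image type", None
    # Check every extension, not only the last one: shell.php.png must fail here.
    hidden = [e for e in exts[:-1] if e in EXECUTABLE_EXTS]
    if hidden:
        return False, "executable extension '%s' inside the name" % hidden[0], None
    if not data.startswith(IMAGE_SIGNATURES[final]):
        return False, "content does not match the claimed image type", None
    # Never store the file under the client-supplied name.
    return True, "ok", "%s.%s" % (uuid.uuid4().hex, final)


# Constructed sample uploads (not taken from the walkthrough).
PNG_BYTES = IMAGE_SIGNATURES["png"] + b"\x00" * 16
SCRIPT_BYTES = b"<?php /* placeholder */ ?>"
SAMPLES = [
    ("logo.png", PNG_BYTES),
    ("shell.php.png", SCRIPT_BYTES),
    ("shell.php.png", PNG_BYTES),
    ("notes.png", SCRIPT_BYTES),
    ("shell.php", SCRIPT_BYTES),
]

if __name__ == "__main__":
    for name, data in SAMPLES:
        ok, reason, stored = validate_upload(name, data)
        print("%-15s %-6s %s" % (name, "ACCEPT" if ok else "REJECT", reason))
```

Storing uploads outside the web root, or in a directory where script handlers are disabled, covers the case where a check like this is bypassed.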

After enumerating, opening notes.txt in user eezeepz’s directory gave this:

Let’s inspect the /home/admin folder, but before that, let’s follow the instruction given in notes.txt:

echo "/home/admin/chmod -R 777 /home/admin" > /tmp/runthis

/home/admin

Here, I found 2 ciphered passwords with their encoding code. I edited this code so that it can decrypt our encoded text.

decryption code
decrypted text

Time for Privilege Escalation

First, bypass this limited shell and try to log in using fristigod.

More enumeration:

OK, so as the fristi user, I was allowed to run ALL under the location /var/fristigod/.secret_admin_stuff/doCom.

Adding /bin/sh under the fristi user works like a charm, and I got “THE ROOT”.

Final flag:

Taadaaaa…!! 😉

Happy Hacking:)

Visit: AzureSkynet | Cosmicskills

#penetrationtesting #cybersecurity #ethicalhacking #privilegeescalation #vulnhub #oscplikemachine
