Hacking Stapler Vulnhub


Stapler is a boot2root machine from VulnHub. It's an easy machine with a little twist. You can download this machine from here.

Let’s start the dirty work.

I scanned the network to find the IP of the machine with the help of arp-scan.

10.0.2.9 is my target

Let’s scan our target with nmap.

nmap -sC -sV 10.0.2.9

I didn’t find anything interesting with these switches, so I scanned the target again with different switches and I found http running on port 12380.

nmap -p- -A 10.0.2.9
http running on port 12380

I scanned the target with Nikto and found 2 interesting outputs.

Entry /admin112233 /blogblog

Well, the target is running on WordPress, so I used wpscan to gather more information.

wpscan --url https://10.0.2.9:12380/blogblog --enumerate u --disable-tls-checks
result from wpscan

I brute-forced the usernames for their passwords with wpscan.

wpscan --url https://10.0.2.9:12380/blogblog --username john --passwords /usr/share/wordlists/rockyou.txt --disable-tls-checks 

I logged in to WordPress with john:incorrect and uploaded a php-reverse-shell as a plugin, which I got from here.

The uploaded location was /wp-content/uploads (got it from wpscan)

And finally I was able to get a reverse shell with the help of Netcat.

reverse shell
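
From the defender's side, the login brute force and the PHP file served out of /wp-content/uploads both leave traces in the web server's access log. The script below is an added example, not part of the original walkthrough: it assumes Apache/nginx "combined" format logs, and the sample lines, the addresses in them, the file name shell.php and the threshold of 5 are constructed for illustration.

```python
import re
from collections import Counter

# Combined log format: ip - - [time] "METHOD path proto" status size ...
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')
# Endpoints that accept WordPress credentials.
AUTH_ENDPOINTS = ("/wp-login.php", "/xmlrpc.php")
# Executable PHP served from the uploads tree, which should only hold media.
UPLOADED_PHP = re.compile(r"/wp-content/uploads/.*\.ph(p\d?|tml)$", re.I)


def analyze(lines, threshold=5):
    """Return (brute_force_ips, uploads_php_hits) for an iterable of log lines."""
    auth_posts = Counter()
    php_hits = []
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # skip lines that are not in combined format
        ip, method, path, status = m.groups()
        path = path.split("?", 1)[0]  # ignore the query string
        if method == "POST" and path.endswith(AUTH_ENDPOINTS):
            auth_posts[ip] += 1
        if UPLOADED_PHP.search(path) and status == "200":
            php_hits.append((ip, path))
    brute = {ip: n for ip, n in auth_posts.items() if n >= threshold}
    return brute, php_hits


def _entry(ip, method, path, status):
    # Helper that builds one constructed log line.
    return (f'{ip} - - [03/Jun/2016:10:00:00 +0000] '
            f'"{method} {path} HTTP/1.1" {status} 512 "-" "-"')


# Constructed sample log (not captured from the Stapler VM).
SAMPLE = (
    [_entry("10.0.2.15", "POST", "/blogblog/wp-login.php", 200)] * 6
    + [_entry("10.0.2.15", "POST", "/blogblog/wp-login.php", 302),
       _entry("10.0.2.20", "POST", "/blogblog/wp-login.php", 302),
       _entry("10.0.2.20", "GET", "/blogblog/wp-content/uploads/photo.jpg", 200),
       _entry("10.0.2.15", "GET", "/blogblog/wp-content/uploads/shell.php", 200)]
)

if __name__ == "__main__":
    brute, hits = analyze(SAMPLE)
    print("Repeated login POSTs:", brute)
    print("PHP served from uploads:", hits)
```

Either finding maps to a fix: rate-limit or lock out repeated login attempts, and configure the web server so that nothing under /wp-content/uploads is executed as PHP.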

I enumerated further to find the kernel version and downloaded its exploit from here.

lsb_release -a

Further downloading and executing the exploit gave me root access to the system.

I am ROOT

Happy Hacking:)
