hackme: 1 VulnHub

Share on facebook
Facebook
Share on twitter
Twitter
Share on linkedin
LinkedIn
Share on whatsapp
WhatsApp

Hello Everyone, In this blog i am going to post walkthrough of hackme 1.

This Machine is for beginners.

Let’s Start,

Target IP- 192.168.43.19

Attacker IP- 192.168.43.139

Let’s start with nmap.

nmap -sC -sV -p- -Pn 192.168.43.19

Ok, There are two ports open

22 – ssh

80 – http

Let’s see what is running on port 80.

So, we got a Login Page.

we also have a Sign up page.

So, I filled the form and Logged in.

So, this is a online Book Catalog page.

There is a search box So, I searched for a book and i captured it in the Burpsuite.

So, i saved the request in to a file “hackme.txt”.

As There is input parameter “Search=” Thought of doing sqlmap on it. To find if we can get access to the Database.

sqlmap -r hackme.txt –dbs –batch

Here, We go the databases.

Lets check webapphacking,

sqlmap -r hackme.txt -D webapphacking –dump-all –batch

We got the usernames and passwords.

Here, superadmin looks interesting but the passwords are encrypted.

Looks like they used MD5 to encrypt it.

Let’s decrypt the password of superadmin.

here it is we got the password.

username : superadmin

password : Uncrackable

Let’s login in the web page.

Ok, we Logged in.

There is file upload option, so i thought of uploading a php reverse shell file to get the Shell.

This is PHP file to upload.

Before that Let’s start Listener .

nc -nlvp 1234

Ok, The file got uploaded.

Now, we have to execute it to get reverse shell.

It, says the file got uploaded in upload folder.

Let’s check upload directory.

Here is the file, lets open it and check the listener

We got the limited shell.

To get interactive shell we use python,

python -c “import pty;pty.spawn(‘/bin/bash’)”

Now we need root access, I explored all the directories and i found an executable file “touchmenot” in /home/legacy Directory.

So, i Executed the file.

Here, I got the ROOT access!!

Writer: Anudeep is Cyber Security Intern at Azure Skynet Solutions Pvt Ltd. You can contact him here.

Share on facebook
Facebook
Share on twitter
Twitter
Share on linkedin
LinkedIn
Share on whatsapp
WhatsApp

Leave a Comment

Your email address will not be published. Required fields are marked *

Scroll to Top