Jagnow: 1.0.1

Download the box from here

Discover the machine IP with netdiscover.

Run a nmap scan.

Head to the http site.

Click on the Buscar page on the top right.

Seems like a page we can exploit, (

Send the page to burpsuite.

Send the page to repeater.

Let’s test out some linux commands.

Able to list out the current directory

Use basecode encoding to explore the rest of the directories.

Found a user jangow01
user.txt is found
User flag is found


Let’s cat the config.php file found in the wordpress directory.

Some credentials found

$username = “desafio02”;
$password = “abygurl69”;

Tried logging in with desafio02 account and password but it was invalid. Tried it again with the jangow01 user and gained access.

Cant find anything on the FTP servers.

Let’s login to the main VM itself.

Download the dirtycow exploit from here

Complile the exploit with : gcc -Wall -o dirtycow-mem dirtycow-mem.c -ldl -lpthread

Head back to the VM chmod +x the exploit and run it.

Root is gained and head to the root folder to find the final flag.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s