Run a nmap scan to find for open ports.

Use searchsploit to find for exploits for webmin 1.910

Running a gobuster scan will give you a secret directory to /rips/ which is a type of vulnerability scanner. Scan the default Apache server directory var/www . Click the files tab and a secret file with username and password will be found.

SSH into that account.

First flag is found.

While exploring the other directories in the /mnt/ folder a secret.file is found containing a password. Switch to the next user with the password.

Found a webmin folder and accessable miniser.log. User and password is found in the account log.

Start up metasploit and use the exploit for webmin 1.910. And input the following options. Then run the exploit.

Root access is gained. Spawn and shell and change directory to the root folder to find the final flag.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

Comments (



%d bloggers like this: