Posted on

Vegeta: 1

https://www.vulnhub.com/entry/vegeta-1,501/

Review

  • Enumeration uncovers hidden directories
  • Check all the way to the bottom for clues
  • Decode file and look out for double encoding
  • Use a more through enumeration if stuck
  • Decode a morse code to find for clues
  • Check bash_histroy to find for clues

Enumeration

Run nmap scan to find for open ports.

Run a gobuster scan to find for hidden directories.

Check the source and a base64 code is found right at the bottom.

Use cyberchef and decode it twice as it is double encoded.

Save the output image.

It’s a QR code.

Decode the QR code and we have a password.

We have a password but no user. Let’s use a more thorough enumeration with Seclists

Found an additional directory.
Contains a .wav file.

It is in morse code , let’s use an online morse code decoder.

Found a user and password

Foothold

Access gained.

Privilege escalation

Check the folder history.

bash_history shows a password and a user name Tom. However Tom does not exsist.

Let’s use the same command in the file and add a Tom user.

Switch user and root access is gained.

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s