
Sunset : Noontide

https://www.vulnhub.com/entry/sunset-noontide,531/


Review

  • Enumeration reveals an exploitable IRC server
  • Unreal IRC is a very commonly exploited server
  • Use Metasploit
  • Do not overthink privilege escalation

Enumeration

Run an nmap scan to find open ports.

From the nmap scan and script results, we notice the machine is running an Unreal IRC server.

Let’s check searchsploit for any exploits.

Metasploit has a backdoor CE

Start up Metasploit and search for the module.


Foothold

A session is gained.

Gain a Python shell.

Found the first flag.

After trying LinPEAS and Linux kernel exploits, note that the box description states not to overthink.

Let’s try to use su to root with the same password.


Privilege escalation

Access gained.

Final flag found.
