Sunset : Dawn

https://www.vulnhub.com/entry/sunset-dawn,341/


Review

  • SMB servers can be found through enumeration
  • SMB enumeration
  • Look at the log files on the web server for clues
  • Exploit a cron job to gain access
  • Use linpeas to find interesting files
  • Privileged access can be gained by exploiting binaries

Enumeration

Run an nmap scan to find open ports.

Port 80

Run a gobuster scan to find hidden directories.

/logs/

None of the log files are accessible except management.log.

The management log shows some kind of cron job involving two particular files.

Let’s enumerate SMB

The SMB shares are empty, but we are able to put files in them. Let’s create files with the same names as those found in the management log and put a bash shell in them.

Place the file in the SMB share and start nc.
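
The foothold works because a cron job runs files from a directory that a guest SMB user can write to. As an added example (not part of the original write-up), this Python check flags cron commands whose target file or parent directory is world-writable; the paths in the demo are constructed, and using local mode bits as a stand-in for the share's write permissions is an assumption.

```python
import os
import shlex
import stat
import tempfile

def world_writable(path):
    """True if path exists and its mode has the other-write bit set."""
    try:
        return bool(os.stat(path).st_mode & stat.S_IWOTH)
    except OSError:
        return False

def cron_commands(text):
    """Yield the command part of each crontab entry (user or system format)."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        special = line.startswith("@")            # @reboot, @hourly, ...
        parts = line.split(None, 1 if special else 5)
        if len(parts) == (2 if special else 6):   # skips VAR=value lines
            yield parts[-1]

def audit_crontab(text):
    """Return (path, reason) for cron paths an unprivileged user could plant."""
    findings = []
    for command in cron_commands(text):
        try:
            tokens = shlex.split(command)
        except ValueError:                        # unbalanced quotes
            tokens = command.split()
        for token in tokens:                      # a user field is not a path
            path = token.rstrip(";&|")
            if not path.startswith("/"):
                continue
            parent = os.path.dirname(path)
            parent_open = world_writable(parent)
            sticky = parent_open and os.stat(parent).st_mode & stat.S_ISVTX
            if os.path.isfile(path) and world_writable(path):
                findings.append((path, "file is world-writable"))
            elif parent_open and not os.path.exists(path):
                findings.append((path, "missing file in world-writable directory"))
            elif parent_open and not sticky:
                findings.append((path, "directory is world-writable, file can be replaced"))
    return findings

if __name__ == "__main__":
    share = tempfile.mkdtemp()   # constructed stand-in for a guest-writable share
    os.chmod(share, 0o777)
    print(audit_crontab(f"* * * * * root {share}/job.sh\n"))
```

Feed `audit_crontab` the contents of `/etc/crontab` and the files under `/etc/cron.d`; Samba share definitions that allow guest writes need reviewing separately.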


Foothold

User access gained.

Checking sudo permissions, we are able to run sudo.

However, when just switching to the root user, we get a warning message.

Let’s check linpeas for more clues.


Privilege escalation

From GTFOBins we can get a shell.

Root access is gained and the final flag is found.
