Persecure : my learning archive

, ,

Born2Root: 1

https://www.vulnhub.com/entry/born2root-1,197/

Review

  • Enumeration will lead to a hidden private key
  • Explore the cron jobs and create a reverse shell
  • Brute forcing is the key to gain root access

Enumeration

Run nmap scan to find for open ports.

Run a gobuster scan to find for hidden directories.

Port 80

/robots.txt

/wordpress-blog

/ icons

Found a RSA key.

Use the private key to SSH into the 3 users found on the homepage. It is a key for martin.

Foothold

Once login we need a password and I guessed the password as password.

After some enumeration , found a cron job.

The user jimmy executes a python script every 5 mins but the file has not been created.

Let’s create the exact file but with a python reverse shell inside.

Start up netcat listener and wait for the connection.

After a long time enumerating , I’m unable to find any clues. I resorted to bruteforcing the last user.

Privilege escalation

Once we enter to the user hadi we are just able to switch user into root.

Found the final flag.

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s

Comments (

0

)

%d bloggers like this: