
Dripping Blues: 1

Download the machine:

https://www.vulnhub.com/entry/dripping-blues-1,744/


Overview

  • Enumeration will lead to an open FTP server
  • Get the zip file, crack the password and find the clue
  • The robots.txt file will indicate a hidden directory
  • Use directory traversal to find the hidden directory that contains a password in the source code
  • Log in as the user and check for SUID permissions
  • Exploit the machine with polkit and gain root access

Enumeration

Run an nmap scan to find open ports.

Check the FTP server as anonymous.

Download the zip file.

Crack the password on the zip file.

Read the text.

Run a gobuster scan to find hidden directories.

Port 80

/robots.txt

This does not work at all.

In the robots.txt file there is a hidden directory that looks like a command injection. Moreover, the clue given suggests we can search a drip folder. Let's use index.php to set up a command injection.

Found the hidden page.

Source code shows a password.


Foothold

Able to gain access as the thugger user.

Found the first flag.

Unable to find SUDO permissions. Check for SUID permissions.

We can use a polkit exploit.
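The SUID check above, written from the defender's side as an added example that is not part of the original walkthrough: it lists SUID executables under a tree and reports those missing from a baseline file. The sample tree, the file names and the baseline are constructed for the demo.

```shell
#!/bin/sh
# Added example, not from the original walkthrough: audit a filesystem tree for
# SUID executables and report those not on an expected baseline. The walkthrough
# checks SUID bits to find a way up; a defender runs the same check to spot
# unexpected additions. The sample tree and baseline below are constructed.

# suid_audit ROOT BASELINE
#   ROOT     directory to scan (on a real host: /)
#   BASELINE file listing one expected SUID path per line
# Prints each SUID regular file under ROOT that is missing from BASELINE.
suid_audit() {
    root="$1"
    baseline="$2"
    find "$root" -xdev -type f -perm -4000 2>/dev/null | sort |
    while IFS= read -r path; do
        grep -qxF -- "$path" "$baseline" || printf '%s\n' "$path"
    done
}

# suid_demo: builds a throwaway tree with two SUID files, baselines one of them,
# and prints the audit output (only the unlisted file should be reported).
suid_demo() {
    tmp=$(mktemp -d) || return 1
    mkdir -p "$tmp/usr/bin" "$tmp/tmp"
    : > "$tmp/usr/bin/pkexec"      # stands in for a known, expected SUID binary
    : > "$tmp/tmp/rootme"          # stands in for an unexpected SUID file
    chmod 4755 "$tmp/usr/bin/pkexec" "$tmp/tmp/rootme"
    printf '%s\n' "$tmp/usr/bin/pkexec" > "$tmp/baseline.txt"
    suid_audit "$tmp" "$tmp/baseline.txt"
    rm -rf "$tmp"
}

suid_demo
```

On a real host run `suid_audit / baseline.txt` with a baseline captured from a known-good build. Polkit's pkexec is normally SUID and would pass this check, so the baseline catches additions, not vulnerable versions of expected binaries; patching covers that gap.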

Privilege escalation

Get the exploit from here.

Run the exploit.

Root access is gained.

Final flag is found.
