CengBox: 1 Vulnhub Walkthrough

Updated: Jun 5, 2020

Walkthrough of vulnerable machine CengBox . It is a intermediate level machine!

you can download this box from vulnhub.

IP of the target : 192.168.43.133

First of all we run nmap to find open ports and services running in the target system using the command .

nmap -sC -sV -Pn -p- 192.168.43.133

now lets enumerate the port 80 to find something useful .

That's all we have on port 80 :(

Now we decided to run dirb to find hidden directories and webpages using the command .

dirb http://192.168.43.133 /usr/share/wordlists/dirb/big.txt

/masteradmin/ looks interesting . Lets again use the dirb tool using the command

dirb http://192.168.43.133/masteradmin/ /usr/share/wordlists/dirb/big.txt -X .php

lets open the login page /masteradmin/login.php

try some basic SQL injection payload . Started ,with 1' or '1'='1'# as username and password and yes we succeed.

lets upload a .php file ( I know this will not work but my brain said : Try this )

Okay , now what is .CENG file I searched on the internet about this file extension but found nothing and after a lot of thinking ( not really) we changed the .php to .php.ceng and again tried to upload the file , and yes this time we succeed in uploading the file , Now lets visit the URL /uploads/my.php.ceng to execute our shell code

and yes we are in as user www-data. now changed directory to /home and found one user there name cengover . If we go back to our notes then there is db.php in /masteradmin/ . So by changing the directory to /var/www/html/masteradmin/ we read the content of db.php file and found some creds there.