sunset:twilight Vulnhub Walkthrough

Another walk-through for this day

Box _Name => sunset:twilight

Method => 1

Date : Friday 31 July 2020 Time : 20:41


Walkthrough


IP of the target => 192.168.1.184


As usual I started with nmap scan to find open ports and services uing the command


nmap -sC -sV -Pn -p- -T4 --max-rate=1000 -o nmap.txt 192.168.1.184

there are so many open ports (screenshot is incomplete)

I started enumeration from port 139 and 445 using enum4linux tool to check for the SMB shares

enum4linux 192.168.1.184

I tried accessing it anonymously and succeed :)

I started to enumerate different locations and found found that we can upload files in /var/www/html/ directory , so after wasting sometime I decided to upload a php reverse shell using the command

PUT shell.php

next I executed this script using the URL <taregt-ip>/shell.php and got the shell as user www-data

after spending some time with the box I found that /etc/passwd is writable

and that's it , edit the file locally in my system and uploaded it using wget with flag -O and then I got root access


Not showing How I edited the /etc/passwd file , search it on the internet you will find many website demonstrating this process
HINT:openssl

There is one more method that is bypassing the file upload restriction by changing the MIME type , Hope you like the walkthrough :)

Recent Posts

See All

Website change notice

As you all know that our website is providing walkthrough of different challenges from different platforms and without any advertisement but due to some funds issue we can't continue this website :( S

Subscribe to HacLabs newsletter

Get priority notification on the release of the latest articles.

  • YouTube
  • Twitter
  • Instagram
  • Linkedin

© 2020 by HacLabs.