sunset:twilight Vulnhub Walkthrough
Another walk-through for this day
Box Name => sunset:twilight
Method => 1
Date : Friday 31 July 2020 Time : 20:41
Walkthrough
IP of the target => 192.168.1.184
As usual, I started with an nmap scan to find open ports and services using the command:
nmap -sC -sV -Pn -p- -T4 --max-rate=1000 -o nmap.txt 192.168.1.184

There are so many open ports (screenshot is incomplete).
I started enumeration from ports 139 and 445, using the enum4linux tool to check for SMB shares:
enum4linux 192.168.1.184

I tried accessing it anonymously and succeeded :)

I started to enumerate different locations and found that we can upload files to the /var/www/html/ directory, so after wasting some time I decided to upload a PHP reverse shell using the command:
PUT shell.php

Next I executed this script using the URL <target-ip>/shell.php and got a shell as the user www-data.

After spending some time with the box, I found that /etc/passwd is writable.

And that's it: I edited the file locally on my system, uploaded it using wget with the -O flag, and then got root access.
I'm not showing how I edited the /etc/passwd file; search the internet and you will find many websites demonstrating this process.
HINT: openssl
There is one more method, which is bypassing the file upload restriction by changing the MIME type. Hope you like the walkthrough :)
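
A defender-side check for the weakness this box relies on, a writable /etc/passwd: the script below is an added example, not part of the original walkthrough. Its function names and the sample entries are constructed for illustration; it flags loose permissions and entries that look like the result of tampering.

```shell
# Added example (not from the original walkthrough): audit an account
# database such as /etc/passwd. All function names are hypothetical.

# Octal permission bits of a file: GNU stat first, BSD stat as fallback.
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Succeeds (a finding) when group or others hold the write bit.
is_loosely_writable() {
    mode=$(file_mode "$1") || return 2
    [ $(( 0$mode & 022 )) -ne 0 ]
}

# One line per entry that could be the result of tampering:
# a second UID 0 account, or a password field not deferred to /etc/shadow.
suspicious_entries() {
    awk -F: '
        /^#/ || NF < 7 { next }
        $3 == 0 && $1 != "root" { print $1 ": UID 0 but not root" }
        $2 != "x" && $2 != "*" && $2 !~ /^!/ {
            print $1 ": password field is not a shadow placeholder"
        }' "$1"
}

# Constructed sample: two normal entries and one tampered-style entry.
constructed_sample() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
svc-example:$6$CONSTRUCTED$PLACEHOLDERHASH:0:0::/root:/bin/bash
EOF
}

# Full audit of the file at $1; returns 1 when anything was reported.
audit_passwd() {
    status=0
    if is_loosely_writable "$1"; then
        echo "$1: writable by group or others (mode $(file_mode "$1"))"
        status=1
    fi
    findings=$(suspicious_entries "$1")
    if [ -n "$findings" ]; then echo "$findings"; status=1; fi
    return "$status"
}

# Run against the path given as the first argument, if any.
if [ "$#" -gt 0 ]; then audit_passwd "$1"; fi
```

On a healthy system `audit_passwd /etc/passwd` prints nothing and returns 0; the expected mode for that file is 644, owned by root.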