Tr0ll walkthrough

In this article we solve another boot2root challenge, Tr0ll. This is a beginner-level machine, and it can be downloaded from VulnHub.


Walkthrough


Using the command netdiscover -i wlan0, we find the IP address of the target machine.

Next we check for open ports using the command: nmap -A 192.168.43.140

Three ports are open: 21 (FTP), 22 (SSH) and 80 (HTTP). The scan also shows that anonymous login is allowed on port 21, so we log in anonymously on port 21 using the credentials: username : anonymous password :

We downloaded this file to our local machine using the get command.

Now we decided to open this file. pcap is an application programming interface (API) for capturing network traffic, and a .pcap file stores the packets captured with it.

Since it is a .pcap file, we opened it in Wireshark using the command: wireshark lol.pcap

After examining the captured traffic carefully, we found a very interesting packet.

It means sup3rs3cr3tdirlol is a directory, so we browsed the HTTP service and, without wasting any time, opened the directory: /sup3rs3cr3tdirlol

We downloaded this file to our local machine and, after giving it executable permission, ran the binary and found a very useful message.

0x0856BF could be another hidden directory, so we decided to open it.

Here we found two new folders, and after exploring them we found a list of usernames, with Pass.txt as the password, so we decided to brute-force SSH with hydra using the command: hydra -L pass -p Pass.txt 192.168.43.140 ssh

So we logged in to SSH as user overflow with the password Pass.txt.
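Seen from the defender's side, one password tried against a list of usernames leaves a recognisable pattern in the sshd authentication log: one source failing against many different accounts, then a successful login. The following is an added example, not part of the original walkthrough; the log lines, the hostname, the source addresses and every username except overflow are constructed, and the detect_spray helper is hypothetical.

```python
import re
from collections import defaultdict

# Constructed sshd auth-log lines (not captured from the Tr0ll machine).
SAMPLE_LOG = """\
Jan 10 10:00:01 troll sshd[1201]: Failed password for invalid user alice from 192.168.43.50 port 40001 ssh2
Jan 10 10:00:02 troll sshd[1203]: Failed password for invalid user bob from 192.168.43.50 port 40002 ssh2
Jan 10 10:00:02 troll sshd[1205]: Failed password for invalid user carol from 192.168.43.50 port 40003 ssh2
Jan 10 10:00:03 troll sshd[1207]: Failed password for invalid user dave from 192.168.43.50 port 40004 ssh2
Jan 10 10:00:04 troll sshd[1209]: Accepted password for overflow from 192.168.43.50 port 40005 ssh2
Jan 10 11:15:10 troll sshd[1300]: Failed password for overflow from 192.168.43.77 port 51000 ssh2
Jan 10 11:15:20 troll sshd[1302]: Accepted password for overflow from 192.168.43.77 port 51001 ssh2
"""

# Matches OpenSSH password-authentication results, with or without "invalid user".
LINE_RE = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<src>\S+) port \d+"
)


def detect_spray(log_text, min_users=3):
    """Flag sources that failed against at least min_users distinct accounts.

    Returns {source_ip: {"failed_users": [...], "accepted_after": [...]}} where
    accepted_after lists accounts that source logged in to after its failures.
    """
    failed = defaultdict(set)
    accepted = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        if m["result"] == "Failed":
            failed[m["src"]].add(m["user"])
        elif failed[m["src"]]:
            # A success that follows earlier failures from the same source.
            accepted[m["src"]].append(m["user"])
    return {
        src: {"failed_users": sorted(users), "accepted_after": accepted[src]}
        for src, users in failed.items()
        if len(users) >= min_users
    }


if __name__ == "__main__":
    for src, info in detect_spray(SAMPLE_LOG).items():
        print(src, info)
```

The second source in the sample, a single mistyped password followed by a successful login, stays below the threshold and is not flagged.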

Using the command uname -a we gathered information about the system, and the kernel version looks old.

We searched Google for an exploit for this kernel version and found one here. We downloaded the exploit to our local machine.

Now we transferred it to the /tmp directory on the target machine. It is a C file, so we compiled it using the command: gcc 37292.c -o haclabs0

After making the binary executable, we ran it and got root access!

Done, we are root now, and this completes our challenge!


© 2020 by HacLabs.