top of page
Search

Tr0ll walkthrough

In this article we are going to solve another boot2root challenge Tr0ll . This is a beginner level machine . we can Download this machine from vulnhub.


walkthrough


Using the command netdiscover -i wlan0 we find out the IP address of the Target machine .

now we decided to check for the open ports using the command : nmap -A 192.168.43.140

3 ports are open , 21(FTP) , 22(SSH) , 80(HTTP) and we have also discovered that on port 21 anonymous login is allowed . So we decided to login anonymously at port 21 using credentials : username : anonymous password :

we downloaded this file in our local machine using the get command .

Now we decided to open this file, .pcap is an application programming interface (API) for capturing network traffic.

So it is a .pcap file we opened the file in wireshark by using the command : wireshark lol.pcap

after examining the captured traffic carefully we found a very interesting packet .

it means sup3rs3cr3tdirlol is a directory . so we decided to browse HTTP service and without wasting our time we opened the directory : /sup3rs3cr3tdirlol

we downloaded this file in our local machine and after giving executable permission we run this binary and found a very useful message .

0x0856BF can be another hidden directory so we decided to open it.

Here we found two new folders and after exploring them we found a list of username and password as Pass.txt so we decided to bruteforce using hydra using the command : hydra -L pass -p Pass.txt 192.168.43.140 ssh

So we decided to login to SSH as user overflow with password Pass.txt .

now by using the command uname -a we find out information about the system and it looks like that kernel version is old .

we searched on the google for the kernel version exploit and we found a exploit here. we downloaded this exploit in our local machine.

Now we transfered it to the targeted machine in /tmp directory . It is a C file so we decided to compile it by using the command : gcc 37292.c -o haclabs0 .

Now by changing the permission to executable we run this binary and we get root access!

Done we are root now and this completes our challenge!