Vulnhub dpwwn: 1 Walkthrough

    Not to be the guy who says this is easy because everyone is somewhere on the ladder but this one is a pretty big softball. 

    The description states:  "This boot2root is a linux based virtual machine and has been tested using VMware workstation 14."  Works fine on VirtualBox which is what I used.

    This is part of a new batch of servers that were dumped overnight and I had a few minutes to spare.

    Kicking off with Nmap:





    Couple of options but I quickly move to MySQL and I attempt to login using root and [no password]:  





    I'm in.  I search for databases and I find:





    Moving over to SSH:





    While checking out the home directory for Mistic, I find:





    While hunting crontab, I find:





    I modify the script with a revers shell:





    With my handler setup, I wait for it to execute:





    It pops, I'm root, and I go for the flag! 

    Simple as long as you understand what crontab does.  If not, that's a new lesson learned.


    © 2020 sevenlayers.com