Vulnhub Hemisphere: Lynx Walkthrough

by Vince
in Blog
Hits: 1162

The very short description sates:  "Difficulty: Easy, Flag: 2 (user & root), Enumeration | Brute Forze"

Let's start off with the obvious, we know there's going to be brute force involved.  Let me also say that if you're going to make a vulnerable machine, don't bury the password deep into rockyou because it doesn't add value to the experience, it only prolongs the process. 

Enough said, let's kick off with Nmap:


A few ports to check out, let's see what's on the web port:


Let's translate it:


Running enum4linux we find:


We also see that name on the web page so let's brute force:


Much time passes and we get:


We SSH into the box:


We find the user flag:


In the home directory we run ls -al -R which recursively performs a directory listing.  As we're scrolling through we find .creds in the /Desktop directory:


We cat .creds and we find base64. 


We decode the base64 which presents us with credentials but the entire line is reversed.  We echo the line to rev and we get the uid and pass for root.  We su to root and it's game over.  One last thing to do:


I wish I didn't have to spend that much time brute forcing.