HackMyVM Webmaster Walkthrough

by Vince
in Blog
Hits: 964

Another machine from the HackMyVM.eu site. This could be the fewest amount of images of any write-up.  A simple box but it ties a few things together making it kind of interesting. 

We kick off with Nmap:

DNS is UDP and when we see TCP, we have the potential to do bad things.  First, let's check out the web port:

TXT is a clue and could be a reference to a DNS TXT record.

We view source and find a message about the hostname but adding this to the hosts file does nothing for us in terms of host headers.

Back to DNS:

And there we go.  We have a TXT record.  Going out on a limb, I think it's the user John and his password. 

Attempting to SSH:

And we're in!

We check our sudo privileges:

At first glance, I don't have an exact path.  I look at the man pages for a second and I still don't see anything obvious without maybe some work.  This box is supposed to be easy so I look at processes:

Nginx is running as root.  We have the ability to write into /var/www/html/, we can upload a shell and get root by hitting the shell.

With our handler setup:

That's a wrap!  Fun little box.