Vulnhub DriftingBlues: 7 Walkthrough

by Vince
in Blog
Hits: 375

No description on this one but it is rated as "easy".  I would say that there are a few moving parts and you can get sucked down a rabbit hole if you're not careful.  Stick to the first thing, latch on, go from there.

We kick off with Nmap:



We check out the web port and we find "Eyes of Network":



When we dig through Exploit-Db we find a few items but this one stands out because it's unauthenticated remote code execution:



I ran the exploit the first time and it seemed to work but it didn't get a shell.  It also referenced localhost instead of my attacking IP.  While, technically, I think that should, I defined it specifically.  I commented out the original line and replaced it with:



Upon execution:



The web server must be running as root -- no privilege escalation required!

One last thing to do:



And that's a wrap!  I did some digging around after and there are some other avenues so I don't know if this was the intended route but root is root.