Vulnhub Hackable: II Walkthrough

by Vince
in Blog
Hits: 407

The description states "Easy" and I think that pretty much sums it up.  A few moving parts, more than a lot of "Easy" rated boxes but nothing so challenging as to takes its rating any higher.

As always, we kick off with Nmap:



The anonymous FTP port catches our attention. 



When we access the FTP server, we find CALL.html and download it.

When we view the file, we find:



Nothing of use for us there.  Moving on to Nikto:



We uncover a directory, we access it:



Ah, now the pieces are coming together.  We have anonymous write access and we have access to that directory via the web browser.  We upload a reverse shell:



We then refresh that web directory and hit the shell:



With our handler setup:



Enumerating the operating system we find:



We attempt to find the script:



We cat the script:



We find what appears to be an MD5 hash, we attempt to crack it:



Excellent, we have a password!  We attempt to change accounts:



We check our sudo privileges for the user Shrek and we learn that we can execute python3.5 with root privileges.  We attempt to privilege escalate:



And, we're root! 

One last thing to do:



That's a wrap!