Vulnhub Hackable: II Walkthrough

by Vince

The description states "Easy" and I think that pretty much sums it up. A few moving parts, more than a lot of "Easy" rated boxes, but nothing so challenging as to take its rating any higher.

As always, we kick off with Nmap:

The anonymous FTP port catches our attention. 

When we access the FTP server, we find CALL.html and download it.

When we view the file, we find:

Nothing of use for us there.  Moving on to Nikto:

We uncover a directory and access it:

Ah, now the pieces are coming together.  We have anonymous write access and we have access to that directory via the web browser.  We upload a reverse shell:

We then refresh that web directory and hit the shell:

With our handler set up:

Enumerating the operating system we find:

We attempt to find the script:

We cat the script:

We find what appears to be an MD5 hash and attempt to crack it:

Excellent, we have a password!  We attempt to change accounts:

We check our sudo privileges for the user Shrek and we learn that we can execute python3.5 with root privileges. We attempt to escalate privileges:

And, we're root! 
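From the defender's side, that sudo rule is the finding: an interpreter runnable as root is equivalent to a root shell. The added example below (not part of the original walkthrough) scans sudoers text for such rules; the sample file, the `/usr/bin/python3.5` path and the interpreter list are constructed assumptions.

```python
import re
from pathlib import PurePosixPath

# Interpreters that run arbitrary code, so a sudo rule for one of them is
# effectively a root shell. Illustrative list (assumption), not exhaustive.
INTERPRETERS = re.compile(r"^(python|perl|ruby|php|node|lua|bash|sh|zsh|dash)[\d.]*$")
TAGS = re.compile(r"^(?:(?:NOPASSWD|PASSWD|NOEXEC|EXEC|SETENV|NOSETENV):\s*)+")
RULE = re.compile(r"^(?P<who>\S+)\s+(?P<host>\S+)\s*=\s*(?:\((?P<runas>[^)]*)\))?\s*(?P<cmds>.+)$")
SKIP = re.compile(r"^(#|Defaults\b|\w+_Alias\b)")  # comments, defaults, alias definitions

def audit_sudoers(text):
    """Return (user, runas, command) for every rule that allows an interpreter.

    Aliases are not expanded; only literal command paths are inspected.
    """
    findings = []
    text = re.sub(r"\\\n\s*", " ", text)  # join backslash-continued lines
    for line in text.splitlines():
        line = line.strip()
        if not line or SKIP.match(line):
            continue
        m = RULE.match(line)
        if not m:
            continue
        runas = (m.group("runas") or "root").strip()
        for cmd in m.group("cmds").split(","):
            cmd = TAGS.sub("", cmd.strip())
            if not cmd or cmd.startswith("!"):  # empty or negated entry
                continue
            binary = PurePosixPath(cmd.split()[0]).name
            if INTERPRETERS.match(binary):
                findings.append((m.group("who"), runas, cmd))
    return findings

# Constructed sample sudoers content, not copied from the target machine.
SAMPLE = """\
# constructed sample
Defaults env_reset
root    ALL=(ALL:ALL) ALL
shrek   ALL=(root) NOPASSWD: /usr/bin/python3.5
backup  ALL=(root) /usr/bin/rsync, \\
        /usr/bin/perl
deploy  ALL=(www-data) /usr/bin/systemctl restart nginx
"""

if __name__ == "__main__":
    for user, runas, cmd in audit_sudoers(SAMPLE):
        print(f"{user} may run interpreter as {runas}: {cmd}")
```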

One last thing to do:

That's a wrap!