Billu-b0x 2 Hacking Challenge Walkthrough (Vulnhub)


The aim of this lab is to attain root privileges. As usual, the first step is mapping the IP address of the box so that we can begin the enumeration process.

On boot, the machine grabbed the following IP address:

192.168.10.101

With the IP, we can now discover any running services by firing up an nmap scan:


After analyzing the running services, I decided to focus on port 80, and I noted that Drupal version 8 was hosted on the server. Let's try to find available exploits.

After a little hassle, I got an exploit on GitHub and executed it against the target (192.168.10.101):

"CVE-2018-7600 | Drupal 8.5.x < 8.5.1 / 8.4.x < 8.4.6 / 8.x < 8.3.9 / 7.x? < 7.58 / < 6.x? - 'Drupalgeddon2' RCE (SA-CORE-2018-002)"

We are now logged in as user www-data. We can now figure out how to escalate privileges to root.

I tried to access the /etc/passwd file and I noted the file was world-writable. This means we can add a root user and gain root access. This is one of the worst configuration mistakes that one can ever make as a system admin.


After using my friend Google for some time, I found this information.

"For backward compatibility, if a password hash is present in the second column in /etc/passwd, it takes precedence over the one in /etc/shadow.

Historically, an empty second field in /etc/passwd means that the account has no password, i.e. anybody can log in without a password (used for guest accounts). This is sometimes disabled. If passwordless accounts are disabled, you can put the hash of a password of your choice. You can use the crypt function to generate password hashes, for example perl -le 'print crypt("foo", "aa")' to set the password to foo."

Thanks to STACK EXCHANGE for the information, because the next step was to attain root.

Without much ado, let's run the script as follows:


Let’s add our new user into /etc/passwd


And there we are Root!!!!
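A defender's check for the misconfiguration this box relies on, added here as an example (it is not code from the original post): it flags a group- or world-writable /etc/passwd, entries whose second field is empty or holds a hash instead of deferring to /etc/shadow, and UID 0 accounts other than root. The sample entries, the `svc` account and the placeholder hash are constructed for illustration.

```python
import os
import stat

# Password-field values that defer to /etc/shadow or lock the account.
SAFE_PW_FIELDS = {"x", "*", "!", "!!"}

def audit_passwd_text(text):
    """Return a list of (line_no, account, finding) for risky passwd entries."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7:
            findings.append((no, fields[0], "malformed entry"))
            continue
        name, pw, uid = fields[0], fields[1], fields[2]
        if pw == "":
            findings.append((no, name, "empty password field"))
        elif pw not in SAFE_PW_FIELDS:
            findings.append((no, name, "password hash stored in passwd"))
        if uid == "0" and name != "root":
            findings.append((no, name, "extra UID 0 account"))
    return findings

def mode_is_unsafe(mode):
    """True if group or other has write permission on the file."""
    return bool(mode & (stat.S_IWGRP | stat.S_IWOTH))

# Constructed sample; "svc" is a hypothetical injected entry.
SAMPLE = """root:x:0:0:root:/root:/bin/bash
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
guest::1001:1001::/home/guest:/bin/sh
svc:aaPLACEHOLDERHASH:0:0::/root:/bin/bash
"""

if __name__ == "__main__":
    path = "/etc/passwd"
    if os.path.exists(path):
        mode = os.stat(path).st_mode
        if mode_is_unsafe(mode):
            print(f"{path} is writable by group/other: {stat.filemode(mode)}")
        with open(path) as fh:
            for no, name, why in audit_passwd_text(fh.read()):
                print(f"{path}:{no}: {name}: {why}")
```

The expected state is mode 0644 owned by root, with every second field set to `x`; any finding here is worth alerting on in file-integrity monitoring.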


Posted from my blog with SteemPress : https://latesthackingnews.com/2018/11/13/billu-b0x-2-hacking-challenge-walkthrough-vulnhub/
