Skip to content

Pluck Walkthrough (VulnHub)

Hello Hackers.
Welcome to my another walkthrough. at this  time we’ll look another VM, Pluck is a new VM in VulnHub and its very easy to hack. This Is very good for Newbie hackers for practice and explore their Hacking skills.


We know Target IP : (in my case)

Download Link :


Now lets Start our Walkthrough.

Scan VM using namp


nmap -p- -sV

now we know server’s port 80 open. that means server to host any website.

Scan Vulnerability and Exploitin 

Explore this website and search vulnerability. When i visited its About and Contact us page i noticed  url , its showing me page=about.php parameter with .php file.

I  decided to try to exploit LFI( Local File Inclusion ) attack.

payload : /etc/passwd

URL look like :

Note : at the end of file its leak Backup script file path and name (Highlighted in image above)

now url is :

This script contain very usefull information (See Highlighted text in above pic)

now we know the server use tftp protocol for backup their data.

Lets Fireup our Terminal and type.


we know the backup file name backup.tar

tftp> get backup.tar

Goto your local directory and extract backup.tar

In Backup/home directory 3 user present but only paul have keys.

Using paul keys to login SSH (Try each key )

lets try ssh, Fireup ur terminal and type

ssh -i id_key4 paul@

Pdmenu appear. Now there i stuck for some mins to figure out what next.

So, i Decided to select Edit file option in Pdmenu

when i click Edit file shows prompt for name.

in prompt i typed ” ; id ”  (without quotes) and enter.<–This vulnerability is know as Command Injection

When u press Enter Vim screen up just type ” :q ” (without quotes )

After exit Vim u can see ur next command output which u inject in prompt.

Do Again last to step : Goto Edit file but this time type “; /bin/bash ” in prompt.

if you do all the things correctly. below the output.

We got paul’s Shell.

Privilege Escalation

now the final step s privilege escalation. to get root privilege first check kernel version (there are many way to get root access )

uname -a

kernel version is : 4.8.0

Dirty cow is the best vulnerability for this version of kernel.

URL link :

Download this exploit in paul’s home directory using wget command.


mv 40616 dirtycow.c

now compile and run dirtycow.c

gcc dirtycow.c -o  dirtycow -pthread


We Got root privilege. woooooooooooooooooh

cat /root/flag.txt



Thank you. Comment Below for more



Published inVulnHubWalkthrough


  1. That is a great tip especially to those fresh to
    the blogosphere. Short but very accurate information… Appreciate your
    sharing this one. A must read post!

    • Touhid Shaikh Touhid Shaikh

      thanks For Appreciating Me….

  2. Touche. Sound arguments. Keep up the amazing work.

  3. Hey very cool blog!! Man .. Excellent ..
    Wonderful .. I will bookmark your website and take the feeds additionally?
    I am happy to find numerous helpful info right
    here within the post, we need develop extra strategies on this regard, thank you for sharing.
    . . . . .

  4. I love your blog.. very nice colors & theme. Did you create this website yourself or did you hire someone to do it for you?
    Plz respond as I’m looking to construct my
    own blog and would like to know where u got this from. thanks

  5. Superb, what a blog it is! This website gives useful data to us, keep it up.

  6. This is my first time visit at here and i am in fact impressed to read all
    at one place.

Leave a Reply to manicure Cancel reply

Your email address will not be published. Required fields are marked *