
This is a write-up for PumpkinGarden, which is the first VM takeover I have done, and I thought I would start out with a simple one.

Completion time: 10 minutes

Difficulty: Very easy

Required knowledge/Tools: Basic Linux

Source: https://www.vulnhub.com/entry/mission-pumpkin-v10-pumpkingarden,321/

Running virtualization platform: VMware

After importing the machine, I did a quick scan on the VMware interface to get the port to connect to the device on, as at the time I couldn't find the information on the hosted VulnHub page.

I arrived at the website, and the page suggested looking for a map at the source. It seemed to hint at looking at the source code of the website of the images, and that is where I found the first hint.

This clue contained a string in base64. After decoding it online, I got the credentials.
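
Added example, not part of the original write-up: the clue was a Base64 string in web-served content, and Base64 is an encoding, not protection. This Python sketch shows how a site owner could scan page source or static files for Base64 runs that decode to readable text before publishing, decoding locally instead of through an online service. The sample page, credential and asset hash are constructed for illustration.

```python
import base64
import binascii
import re

# Runs of the Base64 alphabet (16+ chars) with optional padding, not glued to a longer word.
B64_TOKEN = re.compile(r"(?<![A-Za-z0-9+/])[A-Za-z0-9+/]{16,}={0,2}")


def find_encoded_text(blob):
    """Return (token, decoded) pairs for Base64 runs that decode to printable ASCII."""
    hits = []
    for match in B64_TOKEN.finditer(blob):
        token = match.group(0)
        if len(token) % 4:  # valid padded Base64 is always a multiple of 4
            continue
        try:
            text = base64.b64decode(token, validate=True).decode("ascii")
        except (binascii.Error, ValueError):
            continue  # not Base64, or decodes to binary (hashes, image data)
        if all(ch.isprintable() or ch in "\r\n\t" for ch in text):
            hits.append((token, text))
    return hits


# Constructed sample: a credential left in an HTML comment, next to a harmless
# hex asset hash that happens to use only Base64 characters.
SAMPLE_SECRET = "demo-user:example-pass"
SAMPLE_TOKEN = base64.b64encode(SAMPLE_SECRET.encode()).decode()
SAMPLE_PAGE = f"""<html><body>
<h1>Welcome</h1>
<!-- note for staff: {SAMPLE_TOKEN} -->
<link rel="stylesheet" href="/css/site.css?v=9f86d081884c7d659a2feaa0c55ad015">
</body></html>"""

if __name__ == "__main__":
    for token, text in find_encoded_text(SAMPLE_PAGE):
        print(f"readable Base64 found: {token!r} -> {text!r}")
```

Only the comment token is reported; the hex hash decodes to non-ASCII bytes and is skipped.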

After getting access to the machine with the credentials, there was a note file in the home directory of the user “scarecrow”.

I then looked in the passwd file to determine the overall users on the machine and found a few.

I then swapped users to the goblin user, using the password provided in the note.

Then, there was a handy script for privilege escalation, and after giving the script the proper permissions to execute, it required a file you can edit to run.

And then we get to the root directory which has the flag!

  • Last modified: 2019/08/12 00:23
  • by vares