projects:penetration_testing:vulnhub_walkthroughs:pumpkin_garden

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
projects:penetration_testing:vulnhub_walkthroughs:pumpkin_garden [2019/08/12 00:22]
vares
projects:penetration_testing:vulnhub_walkthroughs:pumpkin_garden [2019/08/12 00:23] (current)
vares old revision restored (2019/08/06 11:37)
Line 7: Line 7:
 Required knowledge/​Tools:​ Basic Linux Required knowledge/​Tools:​ Basic Linux
  
-Source:​https://​www.vulnhub.com/​entry/​basic-pentesting-1,216/+Source:​https://​www.vulnhub.com/​entry/​mission-pumpkin-v10-pumpkingarden,321/
  
 Running virtualization platform: VMWare Running virtualization platform: VMWare
Line 13: Line 13:
  
  
 +After importing the machine, I did a quick scan on the VMware interface to get the port to connect to the device on as at the time, i couldn'​t find the information on the hosted vulnhub page.
  
  
 +I arrived at the website and the page suggested to look for a map at the source. It seemed to hint at looking the source code of the website of the images and that is where I found the first hint.
  
-After importing the machine, I did a quick nmap scan to find out what services were running there.+{{projects:​penetration_testing:​vulnhub_walkthroughs:​screenshot_from_2019-08-06_11-14-27.png}}
  
-There were three services running there 
  
-1FTP on port 21.+This clue contained a string in base64After decoding it online, I got the credentials.
  
-2. SSH on port 22.+{{projects:​penetration_testing:​vulnhub_walkthroughs:​screenshot_from_2019-08-06_11-16-28.png}}
  
-3. HTTP on port 80 
  
-===== FTP =====+After getting access to the machine with the credentials,​ there was a note file in the home directory of the user "​scarecrow"​
  
-The initial nmap scan didn't provide me with much info so I used msfconsole auxiliary information gathering tool about FTP, which gave me information about the banner of the FTP server.+{{projects:​penetration_testing:​vulnhub_walkthroughs:​screenshot_from_2019-08-06_11-17-15.png}}
  
-{{projects:​penetration_testing:​vulnhub_walkthroughs:​screenshot_from_2019-08-12_01-38-17.png}} 
  
  
-A quick google of that showed that it this specific version of the FTP server came from a time when it had a backdoor ​in it and anyone can connect ​to it.+I then looked ​in the passwd file to determine the overall users on the machine and found a few.
  
-Thankfully for simplicity'​s sake, msfconsole has the vulnerability exploit built in.+{{projects:​penetration_testing:​vulnhub_walkthroughs:​screenshot_from_2019-08-06_11-18-03.png}}
  
-{{projects:​penetration_testing:​vulnhub_walkthroughs:​screenshot_from_2019-08-12_01-39-17.png}} 
  
 +I then swapped users to the goblin user, using the password provided in the note.
  
-{{projects:​penetration_testing:​vulnhub_walkthroughs:​screenshot_from_2019-08-12_01-39-44.png}}+{{projects:​penetration_testing:​vulnhub_walkthroughs:​screenshot_from_2019-08-06_11-18-46.png}}
  
  
 +Then, there was a handy script for privilege escalation, and after giving the script the proper permissions to execute, it required a file you can edit to run.
  
-{{projects:​penetration_testing:​vulnhub_walkthroughs:​screenshot_from_2019-08-12_01-39-56.png}}+{{projects:​penetration_testing:​vulnhub_walkthroughs:​screenshot_from_2019-08-06_11-28-46.png}}
  
- +And then we get to the root directory which has the flag!
-And we have an open shell immediately running under root privileges. +
- +
-{{projects:​penetration_testing:​vulnhub_walkthroughs:​screenshot_from_2019-08-12_01-43-40.png}}+
  
  
  
  
  • projects/penetration_testing/vulnhub_walkthroughs/pumpkin_garden.txt
  • Last modified: 2019/08/12 00:23
  • by vares