Vulnhub : JANGOW: 1.0.1: Walkthrough

About Vulnhub

VulnHub offers offline virtual machines, allowing users to practice without competing with other learners. There’s no need to worry about consistent internet access, high pings, or latency. Users can set up their own private labs to practice and learn new skills.

EXECUTIVE SUMMARY

This Vulnerability Assessment & Penetration Testing(VAPT) was performed during my summer holiday The detailed report and our findings are described below.

OBJECTIVE

Network security is not only concerned about the security of the computers at each end of the communication chain; however, it aims to ensure that the entire network is secure.

Network security entails protecting the usability, reliability, integrity, and safety of network and data. Effective network security defeats a variety of threats from entering or spreading on a network.

The primary goal of network security are Confidentiality, Integrity, and Availability. These three pillar of Network Security are often represented as CIA triangle.

My Lab Setup

I am running a Windows OS with Virtualbox installed. For this specific exercise, I have 2 virtual machines. The first is a Kali linux. The second is the virtual machine for JANGOW: 1.0.1. Both VM are on bridged adapter mode.

About JANGOW: 1.0.1

The goal of the capture the flag (CTF) is to gain root access to the target machine.

https://www.vulnhub.com/entry/jangow-101,754/

Disclaimer

All information, techniques and tools described in this write-up are for educational purposes only. Use anything in this write-up at your own discretion, I cannot be held responsible for any damages caused to any systems or yourselves legally. Usage of all tools and techniques described in this write-up for attacking individuals or organizations without their prior consent is highly illegal. It is your responsibility to obey all applicable local, state and federal laws. I assume and accept no liability and will not be responsible for any misuse or damage caused by using information herein.

Lets Get Started

The machine will automatically be assigned an IP address from the network DHCP. It will be visible on the login screen. For me its 192.168.1.8.

Now we need to find out the open ports and services available on the machine. We will use the Nmap.

Nmap is now one of the core tools used by network administrators to map their networks. The program can be used to find live hosts on a network, perform port scanning, ping sweeps, OS detection, and version detection

-sV enumerate the version information

  • p- for full port scan

Here we had found that port 21 & 80 is open.

Trying to access port 21 by using default username & password.

It results Login Failed……..

After that try to open it in browser port 80 is open

We found one folder named site/ which took us to the below website

We run a Dirb scan to identify the hidden files and folders.

DIRB is a Web Content Scanner. It looks for existing (and/or hidden) Web Objects. It basically works by launching a dictionary based attack against a web server and analyzing the responses

In result we had found there is a wordpress folder in the web application.

Lets dig more by using gobuster

Gobuster is a tool used to brute-force URIs including directories and files as well as DNS subdomains

Lets find out what is in the wordpress……….

Here we have found 2 files

Index.html & config.php

In config.php we have found the following result…..

While exploring the website we had found a file buscar as it seems vulnerable

It give us the username & password

Username : jangow01

Password : abygurl69

Now lets use the above following credentials to login

Lets try the same credentials with remote machine

Successfully logged in with the same credentials

Username : jangow01

Password : abygurl69

Lets explore the remote machine

We checked the content of the current directory and we have found user.txt

Now lets try to find the os version using uname –a

Uname : It is a utility to check the system information of your Linux computer. The uname command is commonly used to checks OS details, OS architecture (32 bit or 64 bit), Linux Kernel version, and Kernel release.

We get to know that kernel is vulnerable. Lets find out the exploit and we have found the dirtycow-mem.c

Lets get this exploit

Execute the highlighted command on kali machine which is : gcc –Wall –o dirtycow-mem.c –ldl –lpthread

After executing it now lets put it in the remote machine

Now lets execute the exploit in the remote machine by giving the execution permission to the exploit

Exploit done Successfully and we get the remote access

This is the end. Thank you for reading this write-up.

--

--

--

Cyber Security Analyst https://www.facebook.com/suhelkathi.suhekathi

Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

The Key to Smart Home Success: Safety and Security — ReadWrite

IDO Whitelist Token Buy and Claim Instruction

Could You Destroy a Data Center?

Corelan — Tutorial 7 — Exercise Solution

HSN Chief Scientist Daniel Sun |   On Traditional Encryption Methods

Wireless Hacking — Part7

Some tips to protect yourself from becoming a ransomware victim

Hack the Box — Swag shop Walk through

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Suhel Kathi

Suhel Kathi

Cyber Security Analyst https://www.facebook.com/suhelkathi.suhekathi

More from Medium

HackTheBox Pandora Write-Up

So, how can I get started in offensive security area?

Box 9: HTB - Forest

VulnHub: HarryPotter: Nagini