VulnHub offers offline virtual machines, allowing users to practice without competing with other learners. There’s no need to worry about consistent internet access, high pings, or latency. Users can set up their own private labs to practice and learn new skills.
This Vulnerability Assessment & Penetration Testing(VAPT) was performed during my summer holiday The detailed report and our findings are described below.
Network security is not only concerned about the security of the computers at each end of the communication chain; however, it aims to ensure that the entire network is secure.
Network security entails protecting the usability, reliability, integrity, and safety of network and data. Effective network security defeats a variety of threats from entering or spreading on a network.
The primary goal of network security are Confidentiality, Integrity, and Availability. These three pillar of Network Security are often represented as CIA triangle.
My Lab Setup
I am running a Windows OS with Virtualbox installed. For this specific exercise, I have 2 virtual machines. The first is a Kali linux. The second is the virtual machine for JANGOW: 1.0.1. Both VM are on bridged adapter mode.
About JANGOW: 1.0.1
The goal of the capture the flag (CTF) is to gain root access to the target machine.
All information, techniques and tools described in this write-up are for educational purposes only. Use anything in this write-up at your own discretion, I cannot be held responsible for any damages caused to any systems or yourselves legally. Usage of all tools and techniques described in this write-up for attacking individuals or organizations without their prior consent is highly illegal. It is your responsibility to obey all applicable local, state and federal laws. I assume and accept no liability and will not be responsible for any misuse or damage caused by using information herein.
Lets Get Started
The machine will automatically be assigned an IP address from the network DHCP. It will be visible on the login screen. For me its 192.168.1.8.
Now we need to find out the open ports and services available on the machine. We will use the Nmap.
Nmap is now one of the core tools used by network administrators to map their networks. The program can be used to find live hosts on a network, perform port scanning, ping sweeps, OS detection, and version detection
-sV enumerate the version information
- p- for full port scan
Here we had found that port 21 & 80 is open.
Trying to access port 21 by using default username & password.
It results Login Failed……..
After that try to open it in browser port 80 is open
We found one folder named site/ which took us to the below website
We run a Dirb scan to identify the hidden files and folders.
DIRB is a Web Content Scanner. It looks for existing (and/or hidden) Web Objects. It basically works by launching a dictionary based attack against a web server and analyzing the responses
In result we had found there is a wordpress folder in the web application.
Lets dig more by using gobuster
Gobuster is a tool used to brute-force URIs including directories and files as well as DNS subdomains
Lets find out what is in the wordpress……….
Here we have found 2 files
Index.html & config.php
In config.php we have found the following result…..
While exploring the website we had found a file buscar as it seems vulnerable
It give us the username & password
Username : jangow01
Password : abygurl69
Now lets use the above following credentials to login
Lets try the same credentials with remote machine
Successfully logged in with the same credentials
Username : jangow01
Password : abygurl69
Lets explore the remote machine
We checked the content of the current directory and we have found user.txt
Now lets try to find the os version using uname –a
Uname : It is a utility to check the system information of your Linux computer. The uname command is commonly used to checks OS details, OS architecture (32 bit or 64 bit), Linux Kernel version, and Kernel release.
We get to know that kernel is vulnerable. Lets find out the exploit and we have found the dirtycow-mem.c
Lets get this exploit
Execute the highlighted command on kali machine which is : gcc –Wall –o dirtycow-mem.c –ldl –lpthread
After executing it now lets put it in the remote machine
Now lets execute the exploit in the remote machine by giving the execution permission to the exploit
Exploit done Successfully and we get the remote access
This is the end. Thank you for reading this write-up.