登录查看更多内容

Bilu B0x Vulnerable VM

Dehvon C.

DevSecOps Arch | $BVD Founder

发布日期: 2017年8月26日

+ 关注

Goal: Break into VM using web application. From there escalate privileges to gain root access

Phase 1 | Reconnaissance

find the target using netdiscover with the -r flag to specify the range

TARGET: 192 .168.56.7

map the target using NMAP with the services flag (-sV), the OS flag (-O) and -n (skip DNS resolution)

SSH and HTTP services running on a Linux 3.2 box.

Phase 2 | Scanning

Browser shows a login portal with nothing in the source code of interest.

scan directories using dirb

?found file parameter error on /test

Phase 3 | Enumeration

included my own parameter as an LFI, in a POST Request using curl, which successfully pulled the /etc/passwd file

since I was able to curl the passwd file, I went straight for the juice. PHP config files hold credentials, which is exactly what I need. Once I found the config, I found the credentials.

Phase 3 | Gaining Access

With these credentials in hand, I SSH into the box

confirmed root

Phase 4 | Maintaining Access

added a backdoor using netcat :)

要查看或添加评论，请登录

Dehvon C.的更多文章

The Power of Simplicity: Why Less Code Leads to Fewer Vulnerabilities in Smart Contracts

2025年2月15日

The Power of Simplicity: Why Less Code Leads to Fewer Vulnerabilities in Smart Contracts

Smart contract development has grown substantially with the rise of decentralized finance (DeFi), non-fungible tokens…

2 条评论
Robust Smart Contracts: Checks-Effects-Interactions Pattern for Secure?dApps

2024年10月21日

Robust Smart Contracts: Checks-Effects-Interactions Pattern for Secure?dApps

Introduction The checks-effects-interactions pattern is a foundational design principle in Solidity that helps prevent…
Penpie Finance Hack: How a Reentrancy Vulnerability Led to a $27M Exploit

2024年10月21日

Penpie Finance Hack: How a Reentrancy Vulnerability Led to a $27M Exploit

In September 2024, the Web3 space was rocked by a significant security breach, when Penpie Finance, a protocol…
Timestamp Dependency Smart Contract Exploit Using Forge: Step-by-Step Guide

2024年10月21日

Timestamp Dependency Smart Contract Exploit Using Forge: Step-by-Step Guide

A Timestamp Dependence attack occurs when a smart contract relies on the for critical operations like randomness or…
Step-by-Step Reentrancy Attack with Ethereum Remix

2024年10月19日

Step-by-Step Reentrancy Attack with Ethereum Remix

Reentrancy attacks are one of the most notorious vulnerabilities in smart contracts, especially on platforms like…
Ethereum Price Compression Through Layer 2 Scalability Solutions

2024年9月26日

Ethereum Price Compression Through Layer 2 Scalability Solutions

Overview Ethereum Layer 2 (L2) scaling solutions, such as Optimism, Arbitrum, and zk-rollups, have become pivotal in…
Navigating Rust's Path System: The Role of the Double Colon`::`

2024年9月12日

Navigating Rust's Path System: The Role of the Double Colon`::`

In the Rust programming language, clarity and organization are paramount, and one of the key symbols that helps achieve…
A Comprehensive Guide to Variable Types in Solidity

2024年8月28日

A Comprehensive Guide to Variable Types in Solidity

Solidity is a statically-typed programming language used to write smart contracts on the Ethereum blockchain. It…
Securing A.I.: Understanding the Top 10 Machine Learning Attacks

2024年4月25日

Securing A.I.: Understanding the Top 10 Machine Learning Attacks

Artificial Intelligence (AI) and Machine learning (ML) is rapidly transforming our world, from facial recognition…
Secure Your Vertex AI Workbench for Enterprise Machine Learning

2024年3月15日

Secure Your Vertex AI Workbench for Enterprise Machine Learning

Vertex AI Workbench is a powerful platform on Google Cloud Platform (GCP) that streamlines the Machine Learning (ML)…

1 条评论

See all articles

Bilu B0x Vulnerable VM

Dehvon C.

DevSecOps Arch | $BVD Founder

Phase 1 | Reconnaissance

Phase 2 | Scanning

Phase 3 | Enumeration

Phase 3 | Gaining Access

Phase 4 | Maintaining Access

Dehvon C.的更多文章

社区洞察

其他会员也浏览了

Exploring Ram in linux

CTF: Smag Grotto – Boot to root

Pentest Lab Setup on Memcached

WebDAV to Run a Secret Communication Channel between Victim and Control Server

How to create a debug SHA1 key

3. Junos software upgrade via FTP using wget

Compile time and link time Interpositioning

What is inside a directory? (ls *.c overview)

Integrating a Custom Daemon into AOSP: A Step-by-Step Guide

Investigating Windows

Phase 1 | Reconnaissance

Phase 2 | Scanning

Phase 3 | Enumeration

Phase 3 | Gaining Access

Phase 4 | Maintaining Access

Dehvon C.的更多文章

The Power of Simplicity: Why Less Code Leads to Fewer Vulnerabilities in Smart Contracts

Robust Smart Contracts: Checks-Effects-Interactions Pattern for Secure?dApps

Penpie Finance Hack: How a Reentrancy Vulnerability Led to a $27M Exploit

Timestamp Dependency Smart Contract Exploit Using Forge: Step-by-Step Guide

Step-by-Step Reentrancy Attack with Ethereum Remix

Ethereum Price Compression Through Layer 2 Scalability Solutions

Navigating Rust's Path System: The Role of the Double Colon`::`

A Comprehensive Guide to Variable Types in Solidity

Securing A.I.: Understanding the Top 10 Machine Learning Attacks

Secure Your Vertex AI Workbench for Enterprise Machine Learning

社区洞察

其他会员也浏览了

Exploring Ram in linux

CTF: Smag Grotto – Boot to root

Pentest Lab Setup on Memcached

WebDAV to Run a Secret Communication Channel between Victim and Control Server

How to create a debug SHA1 key

3. Junos software upgrade via FTP using wget

Compile time and link time Interpositioning

What is inside a directory? (ls *.c overview)

Integrating a Custom Daemon into AOSP: A Step-by-Step Guide

Investigating Windows