Hack the Jarbas: 1 (CTF Challenge)
Hello readers. We recently tried our hand at the vulnerable VM called Jarbas on VulnHub. It is designed to look like a 90s Portuguese search engine and was made by Tiago Tavares. You can download the lab from here. The objective of this challenge is to get a root shell.
Difficulty Level: Easy
Steps involved:
Method 1:
- Port scanning and network discovery.
- Directory enumeration.
- Discovery of usernames and password hashes.
- Cracking password hash.
- Exploiting Jenkins on port 8080 using Metasploit.
- Discovering a cron job.
- Modifying the cron job and replacing it with a custom command to set sticky bit on find.
- Waiting 5 minutes for the sticky bit to get set.
- Executing root command to read flag.
Method 2:
- Exploiting Jenkins as above to get shell.
- Using openssl to create a password hash.
- Editing /etc/passwd file with our custom file.
- Uploading it in /tmp folder.
- Copying it in place of /etc/passwd.
- Logging in as root using su binary.
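A defender's check for the host state that both methods rely on or leave behind, as an added example that is not part of the original write-up. The paths /etc/passwd, /etc/crontab and /usr/bin/find are assumed standard locations that the outline does not name, and the mode bit that lets find run commands as root is set-user-ID, which the outline calls the sticky bit.

```python
import os
import stat

# Values that mean "the real hash lives in /etc/shadow" or "account locked".
SHADOW_PLACEHOLDERS = {"x", "*", "!", "!!"}

def passwd_findings(passwd_text):
    """Method 2 end state: a hash in the passwd file itself, or an extra UID 0 account."""
    findings = []
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if line.startswith("#") or len(fields) != 7:
            continue
        name, pw, uid = fields[0], fields[1], fields[2]
        if pw not in SHADOW_PLACEHOLDERS:
            findings.append((name, "password field is not a shadow placeholder"))
        if uid == "0" and name != "root":
            findings.append((name, "UID 0 account other than root"))
    return findings

def mode_findings(mode):
    """Method 1: set-user-ID on a binary, or a root-run script others can write."""
    findings = []
    if mode & stat.S_ISUID:
        findings.append("setuid")
    if mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append("writable by non-owner")
    return findings

def root_cron_commands(crontab_text):
    """Absolute paths run as root from a system crontab (m h dom mon dow user command)."""
    paths = []
    for line in crontab_text.splitlines():
        parts = line.split()
        if line.lstrip().startswith("#") or len(parts) < 7 or parts[5] != "root":
            continue
        # Skip device nodes such as /dev/null used in output redirections.
        paths += [p for p in parts[6:] if p.startswith("/") and not p.startswith("/dev/")]
    return paths

if __name__ == "__main__":
    with open("/etc/passwd") as fh:  # assumed standard path
        for name, why in passwd_findings(fh.read()):
            print(f"/etc/passwd: {name}: {why}")
    targets = ["/usr/bin/find"]  # assumed location of find
    if os.path.exists("/etc/crontab"):
        with open("/etc/crontab") as fh:
            targets += root_cron_commands(fh.read())
    for path in targets:
        if os.path.isfile(path):
            for why in mode_findings(os.stat(path).st_mode):
                print(f"{path}: {why}")
```

Any output on a hardened host deserves a look: find is not normally setuid, and a script that root's cron runs should be writable only by root.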
Read the full article here