Hack the Jarbas: 1 (CTF Challenge)

Hello readers. We’d recently tried our hands on the vulnerable VM called Jarbas on vulnhub. It is developed to look like a 90s Portuguese search engine. It is made by Tiago Tavares. You can download the lab from here. The objective of this challenge is to get root shell.

Difficulty Level: Easy

Steps involved:

Method 1:

1. Port scanning and network discovery.
2. Directory enumeration.
3. Discovery of usernames and password hashes.
4. Cracking password hash.
5. Exploiting Jenkins on port 8080 using metasploit.
6. Discovering cronjob.
7. Modifying cronjob and replacing it with a custom command to set sticky bit on find.
8. Waiting 5 minutes for the sticky bit to get set.
9. Executing root command to read flag.

Method 2:

1. Exploiting Jenkins as above to get shell.
2. Using openssl to create a password hash.
3. Editing /etc/passwd file with our custom file.
4. Uploading it in /tmp folder.
5. Copying it in place of /etc/passwd.
6. Logging in as root using su binary.

FUll Article Read here