Vulnhub Machines Walkthrough Series — Fristileaks

In this article, we will walk through an interesting Vulnhub machine called Fristileaks.

Please note: For all of these machines, I have used VMware Workstation to provision VMs. A Kali Linux VM will be my attacking box. The techniques used are solely for educational purposes, and I am not responsible if listed techniques are used against any other targets.

VM Details

Download

Description: A small VM made for a Dutch informal hacker meetup called Fristileaks. Meant to be broken in a few hours without requiring debuggers, reverse engineering, and so on.

About

Name: Fristileaks 1.3
Author: Ar0xA
Series: Fristileaks
Style: Enumeration/Follow the breadcrumbs
Goal: get root (uid 0) and read the flag file
Tester(s): dqi, barrebas
Difficulty: Basic

Also a note for VMware users: VMware users will need to manually edit the VM’s MAC address to: 08:00:27:A5:A6:76

Walkthrough

  1. Download the Fristileaks VM from the above link and provision it as a VM.
  2. Let’s start with enumeration. First, we need to identify the IP of this machine. However, for this machine it looks like the IP is displayed in the banner itself.

  3. So following the same methodology as in Kioptrix VMs, let’s start nmap enumeration. Below we can see that port 80 and robots.txt are displayed.

  4. Contents of robots.txt are:
    1. /cola
    2. /sisi
    3. /beer

    However, enumerating these does not yield anything.

  5. Nmap also showed that port 80 is open. Let’s take a look there.

  6. Unfortunately, nothing on this page was of interest either. Following the banner of “Keep Calm and Drink Fristi,” I thought of navigating to the /fristi directory since the others exposed by robots.txt are also names of drinks. To my surprise, it did resolve, and we landed on a login page.

  7. Quickly looking into the source code reveals a base64-encoded string. Decoding (Read more...)
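
Step 7 finds an encoded string left in the login page's source. The same check can be run by a site owner before a page ships, shown here as an added example that is not part of the original post. It goes beyond the step by also classifying what each blob decodes to. The function names, the 16-character threshold and the sample page are assumptions constructed for illustration.

```python
import base64
import re
from html.parser import HTMLParser

# A base64 run of 16+ characters, optionally wrapped over several lines.
B64_RUN = re.compile(r"[A-Za-z0-9+/]{16,}(?:\s+[A-Za-z0-9+/]{4,})*={0,2}")
MAGIC = {b"\x89PNG\r\n\x1a\n": "png", b"\xff\xd8\xff": "jpeg",
         b"%PDF-": "pdf", b"\x1f\x8b": "gzip"}

class CommentCollector(HTMLParser):
    """Collects the body of every HTML comment in a page."""
    def __init__(self):
        super().__init__()
        self.comments = []
    def handle_comment(self, data):
        self.comments.append(data)

def _decode(candidate):
    """Strictly decode a candidate; return bytes, or None if it is not base64."""
    try:
        return base64.b64decode(re.sub(r"\s+", "", candidate), validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return None

def classify(data):
    """Name the decoded content by magic bytes, else 'text' or 'binary'."""
    for magic, kind in MAGIC.items():
        if data.startswith(magic):
            return kind
    printable = all(32 <= b < 127 or b in (9, 10, 13) for b in data)
    return "text" if printable else "binary"

def find_encoded_comments(html, min_decoded=8):
    """Return [(kind, decoded_length)] for base64 blobs inside HTML comments."""
    collector = CommentCollector()
    collector.feed(html)
    findings = []
    for comment in collector.comments:
        for match in B64_RUN.finditer(comment):
            # Try the whole wrapped run first, then each line on its own.
            for piece in [match.group()] + match.group().split():
                data = _decode(piece)
                if data and len(data) >= min_decoded:
                    findings.append((classify(data), len(data)))
                    break
    return findings

# Constructed sample page: a harmless comment plus a wrapped base64 blob.
_BLOB = base64.b64encode(b"\x89PNG\r\n\x1a\n" + bytes(40)).decode()
SAMPLE = ("<html><!-- TODO: tidy up the stylesheet -->\n<form></form>\n"
          "<!--\n" + _BLOB[:32] + "\n" + _BLOB[32:] + "\n--></html>")
```

Calling `find_encoded_comments(SAMPLE)` reports one PNG-like blob and ignores the plain TODO comment; any finding on a real page is a prompt to review what that comment exposes.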

*** This is a Security Bloggers Network syndicated blog from InfoSec Resources authored by Security Ninja. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/CX5ngErHFcc/