Vulnhub Machines Walkthrough Series — PwnLab-Init

Continuing with our series on Vulnhub machines, in this article we will see a walkthrough of another interesting Vulnhub machine called PwnLab-Init.

Note: For all these machines, I have used a VMware workstation to provision VMs. Kali Linux VM will be my attacking box. Also, the techniques used are solely for educational purposes; I am not responsible if the listed techniques are used against any other targets.

PwnLab-Init Walkthrough

Download

VM Details

Description: Wellcome to “PwnLab: init”, my first Boot2Root virtual machine. Meant to be easy, I hope you enjoy it and maybe learn something. The purpose of this CTF is to get root and read de flag.

About:

  • Difficulty: Low
  • Flag: /root/flag.txt
  • Format: Virtual Machine (Virtualbox – OVA)
  • Operating System: Debian
  • DHCP service: Enabled
  • IP address: Automatically assign

Walkthrough

  1. Download the VM from above link and provision it as a VM.
  2. Let’s start with enumeration. First, we need to identify the IP of this machine. Let’s use netdiscover to identify it. Below, we can see netdiscover in action. The IP of the victim machine is 192.168.213.135.

  3. Now that we know the IP, let’ start with enumeration. We will use nmap to enumerate the host.

  4. We can see that port 80, 111 and 3306,34579 came after initial enumeration.
  5. As done earlier in this series, as soon as we found port 80 we will start exploring what is there and start looking for quick wins before enumerating the service more.
  6. Browsing the machine at port 80 gives us the following page.

  7. We can see Home, Login and Upload. What more can we expect to see on the home page? Links to login and upload. Without even opening any links, techniques such as SQL injection and shell upload start hovering in my brain.
  8. However, my joy was (Read more...)

*** This is a Security Bloggers Network syndicated blog from InfoSec Resources authored by Security Ninja. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/HMv8bT5k6MQ/