Vulnhub Machines Walkthrough Series – Vulnix

Today we’ll be continuing with our series on Vulnhub virtual machine exercises. In this article, we will see a walkthrough of an interesting Vulnhub machine called Vulnix.

Note: For all of these machines, I have used the VMware workstation to provision the virtual machines (VMs). Kali Linux VM will be my attacking box. And please remember: the techniques used here are solely for educational purposes. I am not responsible if these techniques are used against any other targets.

Download

Description from Vulnhub: Here we have a vulnerable Linux host with configuration weaknesses rather than purposely vulnerable software versions (well at the time of release anyway!)

The host is based upon Ubuntu Server 12.04 and is fully patched as of early September 2012. The details are as follows:

  • Architecture: x86
  • Format: VMware (vmx & vmdk) compatibility with version 4 onwards
  • RAM: 512MB
  • Network: NAT
  • Extracted size: 820MB
  • MD5 Hash of Vulnix.7z: 0bf19d11836f72d22f30bf52cd585757

The goal; boot up, find the IP, hack away and obtain the trophy hidden away in /root by any means you wish – excluding the actual hacking of the vmdk

1. Download the Vulnix VM from above link and provision it as a VM.

2. Following established routine from this series, let’s try to find the IP of this machine using Netdiscover. Below, we can see that the IP address is 192.168.213.140.

3. Now since we know the IP address, let’s start enumerating the machine with Nmap. Below is the initial output from the Nmap scan. We can see that lot of ports are opened on this machine such as 22, 25, 79, 110, 143, 512, 513 and so on.

4. Since port 25 is opened, let’s try to make connection to it using Netcat. Below is an output for the same. (Read more...)

*** This is a Security Bloggers Network syndicated blog from InfoSec Resources authored by Security Ninja. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/NJNvihiqAWE/