In this article series, we will be looking at some interesting VulnHub virtual machines. This time, we will take a look at a VulnHub machine called VulnOSV2.
Note: For all these machines I have used VMware workstation to provision VMs. Kali Linux VM will be my attacking box. Also, the techniques used are solely for educational purpose. I am not responsible if listed techniques are used against any other targets.
VM Details: From the Author
- This is version 2 – Smaller, less chaotic
- As time is not always on my side, It took a long time to create another VulnOS. But I like creating them. The image is build with VBOX. Unpack the file and add it to your virtualisation software.
1. Download the VulnOSV2 VM from the above link and provision it as a VM.
2. Following the routine from the series, let’s try to find the IP of this machine using the netdiscover command. Below, we can see that the IP address has been discovered to be 192.168.213.142.
<<netdiscover -r 192.168.0.0/24>>
3. As is the norm, we now need to find what services are running, what ports are exposed on the system. Below is the screenshot for the nmap scan result. We can see that ports 22, 80 and 6667 is open.
<<nmap -sC -sV 192.168.213.142>>
4. As usual, let’s browse over to port 80. Below is the landing page for port 80. Looking into the source code reveals nothing interesting; however, there is a link embedded in the page which points to /jabc.
5. The discovered link from the above page redirects us to the following Web page. Browsing each page and its source code did not reveal anything interesting until we hit (Read more...)
*** This is a Security Bloggers Network syndicated blog from InfoSec Resources authored by Security Ninja. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/jYURf5DUcEw/