broken

Broken: Gallery Full Walkthrough From Vulnhub

Introduction

In this post, You will learn how to CTF the Broken Gallery and below is the video format of the post, Check it out ????????

To download the broken gallery box [click here]

Hacking Phases in Broken

  • Finding target IP
  • NMap scan
  • Enumeration
  • Brute force
  • ssh connect
  • Post enumeration
  • Abusing sudo rights

Advertisement

Let’s Hack Broken: Gallery

Follow the steps carefully and if there is any kind of error or the box is not working you are free to text me on discord, click below to join my discord community ????????

Discord: https://discord.gg/rmW5eWsjhR

Finding target IP

To find the target IP we can just type sudo arp-scan -l or use net discover command

sudo arp-scan -l

In my case the target IP is 192.168.64.30

NMap Scan

Let’s use nmap to find open ports and the service and the version.

nmap -A 192.168.64.30

There are only 2 ports open port 22 and port 80, We will be using port 22 that is ssh to connect to target.

Viewing target website

After viewing the target site I thought of copying the keywords and save it in file and then do a brute force.

Bruteforcing using hydra

hydra -L user -P pwd 192.168.64.30 ssh

We have successfully brute forced and let’s try to login to the target machine.

The password is broken

SSH connect target

Connecting to the target via ssh.

ssh broken@192.168.64.30

Privilege Escalation

To escalate the root privilege, we went for post enumerating and looked for .bash_history file.

In this file, we noticed some interesting action has been performed by the author which was pointing towards a file name “password-policy.sh” that exist inside /etc/init.d moreover a command to set time-date using “timedatectl” command and much more.

If we enter the below command we could find the root password.

cat /etc/init.d/password-policy.sh

Let’s set the time and reboot the system.

sudo timedatectl set-time '2015-11-20 16:14:50' 
sudo /sbin/reboot

Root Access

Now wait for the machine to start again and the do a ssh connect to the target enter the root password as ‘TodayIsAgoodDay’

Conclusion

According to me this box is so so easy but unfortunately I was stuck at the reboot this is because the utmost has issue with the emulated software. Hope you like the post.

See ya in next post????????????


Also Read: How to CTF the matrix

Ads Blocker Image Powered by Code Help Pro

Ads Blocker Detected!!!

We have detected that you are using extensions or brave browser to block ads. Please support us by disabling these ads blocker.Our website is made possible by displaying Ads hope you whitelist our site. We use very minimal Ads in our site

 

Scroll to Top