BASIC PENTESTING: 1 VulnHub Write up

Introduction

In this post, You will learn how to CTF the BASIC PENTESTING: 1 and If you have any doubts related to downloading the box or need support, comment down below 👇🏾

To download the BASIC PENTESTING: 1 [Click Here]

Hacking Phases BASIC PENTESTING: 1

  • Scanning
    • Netdiscover
    • NMAP
  • Enumeration
    • Web Directory search 
    • Credential harvesting
  • Exploiting
    • Metasploit shell upload
    • sh
  • Privilege Escalation
    • Exploit Sudo rights

Let’s start

Hey you ❤️ Please check out my other posts, You will be amazed and support me by following on youtube.

https://www.youtube.com/@techyrick-/videos

Finding Target IP

To find the target IP let’s use the below command, or you can go with the net discover command.

netdiscover

Nmap

To start off the reconnaissance process, I ran an nmap scan to pinpoint the open ports on the system.

Here’s the command I used:

nmap -sC -sV -Pn <IP> 
-sC: Default Scripts 
-sV: Default Versions 
-Pn: Skip Host Discovery


The target machine has three open ports:

  • Port 21/tcp: FTP (ProFTPD 1.3.3c)
  • Port 22/tcp: SSH (OpenSSH 7.2p2 Ubuntu)
  • Port 80/tcp: HTTP (Apache httpd 2.4.18)

I decided to focus on the open port 21 FTP service to explore potential ways to gain root access to this target machine.

Finding vulnerability

I utilized the ‘searchsploit’ command to search for ProFTPD 1.3.3c on ExploitDB.

To Learn About Search Sploit [Click Here]

I discovered two exploits for ProFTPD 1.3.3c. This version was compromised by a backdoor, which is a malicious code hidden within the source code.

Specifically, there’s a vulnerability named Backdoor Command Execution that can be exploited using the Metasploit framework.

Exploiting

Within the Metasploit Console, I conducted a search for “proftpd” to find an exploit applicable to this software. Several exploits were available for proftpd. I selected the exploit/unix/ftp/proftpd_133c_backdoor to target the machine.

Next, I’m going to examine the options available for this particular exploit.

Now, I need to specify the RHOST [Target Machine’s IP Address].

Once I’ve set the RHOST, I proceeded to search for payloads compatible with this exploit.

Among the various available payloads, I selected the cmd/unix/reverse payload to exploit this vulnerability.

Now, I’m setting up the payload.

Following the payload setup, I need to specify the LHOST [IP address of my Kali Machine].

Alright, all the configurations are set up. Now, I’ll proceed to exploit it.

Privilege Escalation

Got it. Now that I have root access to the target machine, I’m going to search for the password of “marlinspike”. I’ve opened a Python spawned shell to proceed. Next, I’m examining the shadow file.

I’ve copied this entry to a new file for hash cracking:

marlinspike:$6$wQb5nV3T$xB2WO/jOkbn4t1RUILrckw69LR/0EMtUbFFCYpM3MUHVmtyYW9.ov/aszTpWhLaC2x6Fvy5tpUUxQbUhCKbl4/:17484:0:99999:7:::

I utilized John The Ripper to crack this hash.

At last, I’ve discovered the password for “marlinspike,” and it is indeed “marlinspike.”

Finally, I gained root access and retrieved the password for the “marlinspike” user on this box. I exploited the open port 21/tcp — FTP — (ProFTPD 1.3.3c) vulnerability in the Basic Pentester:1 Box on Vulnhub.

Conclusion

Overall, this was an enjoyable task. It took some time to uncover the details, but it served as an excellent introduction to fundamental penetration testing and ensured my home lab setup was functioning smoothly.


Share your love

One comment

Comments are closed.

Ads Blocker Image Powered by Code Help Pro

Ads Blocker Detected!!!

We have detected that you are using extensions or brave browser to block ads. Please support us by disabling these ads blocker.Our website is made possible by displaying Ads hope you whitelist our site. We use very minimal Ads in our site