Post

Drifting Blue 1

Posted Updated
Drifting Blue 1 Machine 🖥️
Drifting Blue 1 Machine 🖥️
By Shivendra Prajapati
1 min read

Description ⤵️

💡 DriftingBlues: 1
get flags
difficulty: easy
about vm: tested and exported from virtualbox. dhcp and nested vtx/amdv enabled. you can contact me by email (it should be on my profile) for troubleshooting or questions.

Let’s find the IP Address first »

166-1.png

1

IP : 10.0.2.19

Port Scan Results ➡️

166-2.png

1
2

OPEN PORT >
80   HTTP

Web Enumeration ⤵️

166-3.png

While checking the source code of this site page I got this →

166-4.png

166-5.png

166-6.png

166-7.png

Now I have to crack the password for the sapmmer.zip file →

166-8.png

1

myspace4

166-9.png

166-10.png

1

mayer : lionheart

166-11.png

Now I got in lets try for reverse shell →

166-12.png

Now Only I have to load this url → http://10.0.2.19/textpattern/files/shell.php

166-13.png

SHELL ➡️

config.php file for credentials →

166-14.png

1

drifter : imjustdrifting31

166-15.png

Now I checked SUIDs and GUIDs files →

166-16.png

166-17.png

I am not able to run any exploit of exim so let is check the kernel version and exploit it accordingly →

166-18.png

Now lets try it out →

166-19.png

166-20.png

Now lets run su firefart

166-21.png

If you have any questions or suggestions, please leave a comment below. Thank You !

Proving Grounds, Play
DirtyCow Password Bruteforce PrivEsc fcrackzip File Upload
This post is licensed under CC BY 4.0 by the author.