Post

Funbox : EasyEnum

Posted Updated
Funbox-Easy-Enum Machine 🖥️
Funbox-Easy-Enum Machine 🖥️
By Shivendra Prajapati
1 min read
Machine
Details
Vulnhubhttps://www.vulnhub.com/entry/funbox-easyenum,565/
Level
script-kiddies
Creator
0815R2d2

Description ⤵️

💡 Boot2root in 6 steps for script-kiddies.
Timeframe to root this box: 20 mins to never ever. It is on you.

HINTS:


Enum without sense, costs you too many time:

  1. Use “Daisys best friend” for information gathering.
  2. Visit “Karla at home”.
  3. John and Hydra loves only rockyou.txt
  4. Enum/reduce the users to brute force with or brute force the rest of your life.
    This works better with VirtualBox rather than VMware

Let’s find the IP Address first »

165-1.png

1

IP : 10.0.2.18

Port Scan Results ➡️

165-2.png

1
2
3

OPEN PORTS >
22  SSH
80  HTTP

Web Enumeration ⤵️

165-3.png

165-4.png

165-5.png

Lets look into directory or files bruteforcing files / folders →

165-6.png

165-7.png

I uploaded the php_reverse_shell code →

165-8.png

SHELL ➡️

Now lets check /etc/passwd

165-9.png

Now I have to crack the password → so lets use hashcat →

1
2

command → 
hashcat -m 500 pass.hash /usr/share/wordlists/rockyou.txt

165-10.png

1

oracle : hiphop

Lets recon more on web →

165-11.png

Lets check →

165-12.png

1

phpmyadmin : tgbzhnujm!

165-13.png

Now I tried this password for karla →

165-14.png

And I got in →

165-15.png

It time for root !!

165-16.png

165-17.png

I got one more user credentials →

165-18.png

Another Way to root →

Now lets brute force the password for user goat which contains the shadow.bak file →

I got result after 15-20 min →

165-19.png

1

goat : thebest

165-20.png

165-21.png

If you have any questions or suggestions, please leave a comment below. Thank You !

Proving Grounds, Play, Funbox
Recon hashcat mysql PrivEsc File Upload
This post is licensed under CC BY 4.0 by the author.