Post

Hack Me Please : 1

Posted Updated
Hack Me Please- 1 Machine !
Hack Me Please- 1 Machine !
By Shivendra Prajapati
1 min read

Description ⤵️

💡 Hack Me Please: 1 ➡️

Difficulty: Easy

Description: An easy box totally made for OSCP. No bruteforce is required.

Aim: To get root shell

Let’s find the IP Address first »

136-1.png

1

IP : 10.0.2.27

Port Scan Results ➡️

137-1.png

137-2.png

137-3.png

1
2
3
4

OPEN PORTS >
80    HTTP
3306  mysql
33060 mysqlx

Web Enumeration ⤵️

138-1.png

I did directory listing with Feroxbuster Tool.

138-2.png

While checking the source code of /js/main.js file, I got a hint for a directory.

138-3.png

/seeddms51x/seeddms-5.1.22/

With hid & try method I used seeddms as username & password →

138-4.png

138-5.png

Employee_idEmployee_first_nameEmployee_last_nameEmployee_passwd
1saketsauravSaket@#$1337

138-6.png

I was now able to crack the password So I changed it → to admin

138-7.png

138-8.png

Now the updates credentials are →

138-9.png

Lets try it now →

138-10.png

I got the access →

138-11.png

Added the reverse shell →

138-12.png

Now it is time to load the shell file →

138-13.png

138-14.png

139-1.png

139-2.png

139-3.png

ROOT !!

Summery Notes →

💡

  1. Tricky part was to find the /js/main.js file . After that the path becomes very easy .
  2. And also the updation of password was new for me .
  3. rest all was very easy peasy ..

If you have any questions or suggestions, please leave a comment below. Thank You !

VulnHub
CMS PrivEsc Public Exploit Recon mysql Seeddms
This post is licensed under CC BY 4.0 by the author.