Post

Hack Me Please 1

Posted Updated
Hack Me Please- 1 Machine !
Hack Me Please- 1 Machine !
By Shivendra Prajapati 1 min read

Description ⤵️

💡 Hack Me Please: 1 ➡️

Difficulty: Easy

Description: An easy box totally made for OSCP. No bruteforce is required.

Aim: To get root shell

Let’s find the IP Address first »

136-1.png

1

IP : 10.0.2.27

Port Scan Results ➡️

137-1.png

137-2.png

137-3.png

1
2
3
4

OPEN PORTS >
80    HTTP
3306  mysql
33060 mysqlx

Web Enumeration ⤵️

138-1.png

138-2.png

138-3.png

/seeddms51x/seeddms-5.1.22/

With hid and try method I used seeddms as username & password →

138-4.png

138-5.png

1
2
3
4
5
6
7
8
9

+----------------+---------------------------------+-----------------------------+----------------------------------------------+

| Employee_id    | Employee_first_name             | Employee_last_name          | Employee_passwd 						                  |

+----------------+---------------------------------+-----------------------------+----------------------------------------------+

|           1    |          saket         			   |		saurav             	     |		Saket@#$1337    					                |

+-------------+------------------------------------+-----------------------------+----------------------------------------------+

138-6.png

I was now able to crack the password So I changed it → to admin

138-7.png

138-8.png

Now the updates credentials are →

138-9.png

Lets try it now →

138-10.png

I got the access →

138-11.png

Added the reverse shell →

138-12.png

Now it is time to load the shell file →

138-13.png

138-14.png

139-1.png

139-2.png

139-3.png

ROOT !!

Summery Notes →

💡

  1. Tricky part was to find the /js/main.js file . After that the path becomes very easy .
  2. And also the updation of password was new for me .
  3. rest all was very easy peasy ..

If you have any questions or suggestions, please leave a comment below. Thank You !

VulnHub
CMS PrivEsc Public Exploit Recon mysql
This post is licensed under CC BY 4.0 by the author.