Post

Pwned

Posted Updated
Pwned Machine 🖥️
Pwned Machine 🖥️
By Shivendra Prajapati
1 min read

Description ⤵️

💡 Pwned ⤵️

  • VM name : Pwned
  • Difficulty : Easy
  • DHCP : Enabled
  • Goal : 3 flags
    This works better with VirtualBox rather than VMware

Let’s find the IP Address first »

176-1.png

1

IP : 10.0.2.28

Port Scan Results ➡️

176-2.png

176-3.png

1
2
3
4

OPEN PORTS >
21   FTP
22   SSH
80   HTTP

Web Enumeration ⤵️

176-4.png

Source code ⤵️

176-5.png

176-6.png

176-7.png

176-8.png

Lets deal with this login page →

176-9.png

1

ftpuser : B0ss_B!TcH

FTP Enumeartion ⤵️

Now logging in with that credentials →

176-10.png

176-11.png

176-12.png

With this lets have a shell now →

SHELL ⤵️

176-13.png

176-14.png

176-15.png

Now lets check sudo -l command →

176-16.png

while executing sudo -u selena ./home/messanger.sh

176-17.png

176-18.png

176-19.png

176-20.png

Lets try docker command for root access →

176-21.png

Now lets try this docker payload →

176-22.png

176-23.png

Now I got it →

176-24.png

176-25.png

If you have any questions or suggestions, please leave a comment below. Thank You !

Proving Grounds, Play
Docker Exploit FTP PrivEsc
This post is licensed under CC BY 4.0 by the author.