MISDIRECTION
- Layout for this exercise:
1 - INTRODUCTION
- The goal of this exercise is to develop a hacking process for the vulnerable machine Misdirection, from the VulnHub pentesting platform.
- Misdirection can be downloaded from here:
https://www.vulnhub.com/entry/misdirection-1,371/
- Once downloaded Misdirection and extracted with VmWare:
2 - ENUMERATION
- netdiscover helps to identify Misdirection's IP 192.168.1.28:
- Scanning with Nmap:
- Browsing ports 80 and 8080:
- Dirbusting web server at port 8080:
- After browsing some webpages we find a management shell at webpage /debug:
3 - EXPLOITATION
- Setting a Netcat listener at port 5555:
- Sending a reverse shell command from Misdirection to Kali:
- Finally a remote shell is triggered:
- Improving the shell:
- Going to folder /home we discover the user brexit:
4 - CAPTURING 1st FLAG
- Trying to read user.txt the access is denied:
- Checking www-data's sudoer privileges we discover he can run /bin/bash as user brexit:
- Now we can read user.txt:
5 - PRIVILEGE ESCALATION
- Finding that file /etc/passwd is writable:
- Creating an encrypted password for a new user:
- Adding this new line to /etc/passwd:
- Now switching to newuser we have a root shell:
6 - CAPTURING THE 2nd FLAG
- Reading root.txt:
