Friday, January 14, 2022

Misdirection

 

MISDIRECTION

- Layout for this exercise:










1 - INTRODUCTION

- The goal of this exercise is to develop a hacking process for the vulnerable machine Misdirection, from the VulnHub pentesting platform.

- Misdirection can be downloaded from here:

https://www.vulnhub.com/entry/misdirection-1,371/


- Once downloaded Misdirection and extracted with VmWare:



2 - ENUMERATION

- netdiscover helps to identify Misdirection's IP 192.168.1.28:














- Scanning with Nmap:











- Browsing ports 80 and 8080:






























- Dirbusting  web server at port 8080:





















- After browsing some webpages we find a management shell at webpage /debug:




















3 - EXPLOITATION

- Setting a Netcat listener at port 5555:





- Sending a reverse shell command from Misdirection to Kali:


- Finally a remote shell is triggered:








- Improving the shell:




- Going to folder /home we discover the user brexit:









4 - CAPTURING 1st FLAG

- Trying to read user.txt the access is denied:





















- Checking www-data's sudoer privileges we discover he can run /bin/bash as user brexit:



- Switching to user brexit:







- Now we can read user.txt:





5 - PRIVILEGE ESCALATION

- Finding that file /etc/passwd is writable:







- Creating an encrypted password for a new user:







- Adding this new line to /etc/passwd:








- Now switching to newuser we have a root shell:








6 - CAPTURING THE 2nd FLAG

- Reading root.txt: