TOPPO_1
- Layout for this exercise:
1 - INTRODUCTION
- The goal of this exercise is to develop a hacking process for the vulnerable machine Toppo_1, from the VulnHub pentesting platform.
- Toppo_1 can be downloaded from here:
https://www.vulnhub.com/entry/toppo-1,245/
- Once the virtual machine is downloaded and extracted with VirtualBox:
2 - ENUMERATION
- Scanning all ports with Nmap:
- Dirbusting the web server, we find a directory called /admin:
- Browsing the web server:
- Going to /admin, there is a text file called notes.txt:
- notes.txt contains a message about a potential password, either :/ 12345ted123 or maybe just 12345ted123. Later we will try some related options:
3 - EXPLOITATION
- SSH with credentials ted:12345ted123 works:
4 - PRIVILEGE ESCALATION
- Looking for files with the SUID bit set, we focus our attention on /usr/bin/python2.7:
- /usr/bin/python2.7 is owned by root and has the SUID bit enabled:
- Now it's very simple to get a root shell, just by improving the shell:
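- Seen from the defender's side, the misconfiguration in this section (a root-owned interpreter with the SUID bit) is easy to audit for. The script below is an added example, not part of the original walkthrough; the interpreter name list and the function names are assumptions made for the illustration:

```python
import os
import re
import stat
import sys

# Assumed list of interpreter basenames worth flagging; extend it for your estate.
INTERPRETER_RE = re.compile(r"^(python|perl|ruby|php|lua|node|bash|dash|sh|zsh|ksh)[\d.]*$")


def classify(path, st_mode, st_uid):
    """Return None, 'suid-root' or 'suid-root-interpreter' for one file's metadata."""
    if not stat.S_ISREG(st_mode):
        return None                      # directories, symlinks, devices are ignored
    if not st_mode & stat.S_ISUID or st_uid != 0:
        return None                      # only setuid files owned by root run as root
    if INTERPRETER_RE.match(os.path.basename(path)):
        return "suid-root-interpreter"   # any user who can run it can run code as root
    return "suid-root"


def _dev(path):
    """Device id of a path, or None if it cannot be inspected."""
    try:
        return os.lstat(path).st_dev
    except OSError:
        return None


def scan(root="/"):
    """Walk one filesystem and return sorted (verdict, path) findings."""
    findings = []
    root_dev = os.lstat(root).st_dev
    for dirpath, dirnames, filenames in os.walk(root):
        # Stay on the starting filesystem (like find -xdev): skips /proc, NFS, etc.
        dirnames[:] = [d for d in dirnames
                       if _dev(os.path.join(dirpath, d)) == root_dev]
        for name in filenames:
            full = os.path.join(dirpath, name)
            try:
                st = os.lstat(full)      # lstat: judge the file itself, not a link target
            except OSError:
                continue                 # vanished or unreadable entries are skipped
            verdict = classify(full, st.st_mode, st.st_uid)
            if verdict:
                findings.append((verdict, full))
    return sorted(findings)


if __name__ == "__main__":
    for verdict, path in scan(sys.argv[1] if len(sys.argv) > 1 else "/"):
        print(f"{verdict:24} {path}")    # fix an interpreter finding with: chmod u-s <path>
```

- On a machine configured like Toppo_1, /usr/bin/python2.7 would be reported as suid-root-interpreter, while expected SUID binaries appear as plain suid-root entries to compare against a known baseline.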
5 - READING THE FLAG
- Going to the home folder /root, we can read flag.txt: