DC-4

The first step is to get the IP of our target machine (i.e., DC-4)- The process of doing this is as follows-

Start network scan in your kali terminal with the help of ARP scan or Netdiscover

Command- arp-scan -l

DC-4

In this scan we found the ip 192.168.1.41

Now lets see what is available on this ip

DC-4

There is a login page which we can bruteforce by burp

As we have our target IP we will scan the ports using Nmap Command- nmap 192.168.1.41

DC-4

As we can see that http and ssh are open

So lets first brute force the login page with rockyou.txt

DC-4

We found username= admin, password= happy

So lets see what is inside

DC-4

We have found commands running but there only 3

So we will find more commands in burp using repeater

DC-4

We have found some passwords in /home/jim/backups/old-password.bak

Now for users lets find out in /etc/passwd

DC-4

Here we found 3 users jim sam and Charles who have bash So lets bruteforce ssh with hydra

DC-4

As now we got jim password i.e., jibril04

Let see what we got by ssh

DC-4

We got an test mail which was sent from root to jim so if this is test mail Lets check if there is something interesting in /var/mail

DC-4

And we got Charles password also So lets switch user

Now we know that we need root access so we will do it by Command – sudo -l

DC-4

As we can see Charles has permission to use teehee without root password Now to gain root access

Command -echo “raaj::0:0:::/bin/bash” | sudo teehee -a /etc/passwd

DC-4

And boom here we got flag

Kindly read other articles:

Walkthrough Of TommyBoy1

BRAINPAN: 1 Vuln Hub Machine Walkthrough

About Author

Leave a Reply

Your email address will not be published. Required fields are marked *

Open chat
Hello
Can we help you?