AdSense

Sunday, February 6, 2022

Toppo_1

 TOPPO_1

- Layout for this exercise:



1 - INTRODUCTION

 - The goal of this exercise is to develop a hacking process for the vulnerable machine Toppo_1, from the VulnHub pentesting platform.

- Toppo_1 can be downloaded from here:

https://www.vulnhub.com/entry/toppo-1,245/

- Once the virtual machine downloaded and extracted with VirtualBox:



2 - ENUMERATION

- Scanning all ports with Nmap:



- Dirbusting the web server we find a directory called /admin:


- Browsing the web server:


- Going to /admin there is a text file called notes.txt:


- Reading notes.txt there is a message about a potential password, either :/ 12345ted123 or maybe just 12345ted123. Later we will try some related options:



3 - EXPLOITATION

- SSH with credentials ted:12345ted123 it works:



4 - PRIVILEGE ESCALATION

- Looking for files with bit SUID we focus our attention on /usr/bin/python2.7:



- /usr/bin/python2.7 is owned by root, and also it has enabled the bit SUID:






- Now it's very simple to get a root shell, just by improving the shell:



5 - READING THE FLAG

- Going to home folder /root we can read flag.txt: