
Toppo 1 Walkthrough - Vulnhub Machine

Hello Friends,

This is my second write-up on a vuln machine, Toppo 1, made by my bro Hadi Mene.
Let's get started.
After running nmap against the target machine, I found port 80 was open, so I started enumerating from there.
The first thing I try for any web-app-based challenge is running Dirbuster ;)
Found an interesting file, i.e. notes.txt. Let's check it out in the browser.
Great, we got a password. It could be an SSH credential, an FTP credential, etc. Since the FTP port is closed, let's go for an SSH login.
Tried ted123 and ted as the username. Luckily "ted" worked for me.
So:
Username - ted
Password - 1234ted123
Now comes the privilege escalation part. This was the easiest part, since it covers the basics of privilege escalation through SUID.
I checked for binaries that had the setuid bit enabled.
setuid bit - Binaries with the setuid bit enabled are executed with the privileges of the file's owner, so a root-owned setuid binary runs in the context of the root user.

That moment when you see the python binary with setuid enabled.
I wrote a small Python script in order to run system commands.

Running this script with python2.7 helped me run commands with root privileges.
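The same setuid check from the administrator's side, as an added example that is not part of the original post: a Python audit that walks binary directories and flags root-owned setuid interpreters such as the python2.7 binary found on this machine. The default directory list and the interpreter name pattern are assumptions chosen for illustration.

```python
import os
import re
import stat
import sys

# Assumption: basenames (with optional version suffix) treated as interpreters or shells.
INTERPRETER_RE = re.compile(
    r"(python|perl|ruby|php|lua|node|bash|dash|zsh|ksh|sh)[\d.]*", re.IGNORECASE)


def classify(path, st_mode, st_uid):
    """Return None, "setuid" or "setuid-interpreter" for one file's stat data."""
    if not stat.S_ISREG(st_mode) or not st_mode & stat.S_ISUID:
        return None
    # A setuid bit only matters if somebody is allowed to execute the file.
    if not st_mode & (stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH):
        return None
    name = os.path.basename(path)
    # A root-owned interpreter hands its caller arbitrary code execution as root.
    if st_uid == 0 and INTERPRETER_RE.fullmatch(name):
        return "setuid-interpreter"
    return "setuid"


def scan(roots):
    """Walk the given directories and return sorted (verdict, mode, path) tuples."""
    findings = []
    for root in roots:
        for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
            for fname in files:
                path = os.path.join(dirpath, fname)
                try:
                    st = os.lstat(path)  # lstat: judge the file itself, not a symlink target
                except OSError:
                    continue
                verdict = classify(path, st.st_mode, st.st_uid)
                if verdict:
                    findings.append((verdict, stat.filemode(st.st_mode), path))
    return sorted(findings)


if __name__ == "__main__":
    # Assumption: default directories to audit when none are given on the command line.
    roots = sys.argv[1:] or ["/bin", "/sbin", "/usr/bin", "/usr/sbin", "/usr/local/bin"]
    results = scan(roots)
    for verdict, mode, path in results:
        print(f"{verdict:20} {mode} {path}")
    # Non-zero exit lets a cron job or CI step alert on a setuid interpreter.
    sys.exit(1 if any(v == "setuid-interpreter" for v, _, _ in results) else 0)
```

Any `setuid-interpreter` finding should have the bit removed; plain `setuid` findings are worth comparing against the distribution's expected list.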

Yippeee!!! Easy and good for beginners :)

Don't forget to study more about SUID ;) Thanks for reading!
