Lab 10.2 Exploiting Nancurinir - JimKnee-Champ/Ethical-Hacking-Journal GitHub Wiki

Nmap was used to discover the IP address of the server and the services running on it, as well as their versions.

DirBuster was used to enumerate the contents of the server available from the web. It revealed the phpMyAdmin configuration as well as the login page.

rsmangler was used to generate a password list for the gandalf user.

Metasploit was used to create a reverse shell on the server and access the gandalf user's account.

The server itself was relatively easy to escalate privileges within once it was accessed.

This lab was incredibly difficult and tedious. I think it was an excellent test of our skills so far, and I admit that I would not have been able to perform this without ample aid from resources online and from other students. The use of Metasploit was something that should have been relatively intuitive, but I was unfamiliar with it and so had to repeat my efforts several times before I managed to get the exploits running correctly. Once I was on the server, I flailed around trying to find the relevant files with insecure permissions before I finally stumbled upon the /etc/passwd file. After I had discovered that was a method you could use to directly add a user, it was relatively easy to find out how to echo a user account in plaintext and then access that root-privileged user.
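The escalation described above depends on /etc/passwd being writable by a non-root user, and it leaves visible traces: a second UID-0 entry, and a password hash stored in the second field of /etc/passwd rather than in /etc/shadow. The following audit script is an added example for the defender's side of this lab and is not part of the original journal or of the lab environment; the sample passwd content it parses is constructed for illustration, and the `backdoor` and `guest` entries are hypothetical.

```python
import os
import stat
from typing import Dict, List

# Constructed sample /etc/passwd content (not taken from the lab server).
# The first three entries are normal; the last two show the conditions a
# defender should flag after a writable-/etc/passwd incident:
#   - "backdoor": UID 0 but not named root, and a hash stored directly in
#     passwd instead of shadow (the hash value is a placeholder, not a real one)
#   - "guest": empty password field, so login needs no password at all
SAMPLE_PASSWD = """root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
gandalf:x:1000:1000:Gandalf:/home/gandalf:/bin/bash
backdoor:$6$constructed$PLACEHOLDERHASH:0:0::/root:/bin/bash
guest::1001:1001::/home/guest:/bin/sh
"""

# Values in the password field that mean "look in /etc/shadow" or "locked".
SHADOWED_OR_LOCKED = {"x", "*", "!", "!!"}


def parse_passwd(text: str) -> List[Dict[str, str]]:
    """Split passwd text into 7-field records; blank and comment lines are
    skipped, and a line with the wrong field count is kept as 'malformed'."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7:
            records.append({"name": line, "malformed": "1"})
            continue
        name, pw, uid, gid, gecos, home, shell = fields
        records.append({"name": name, "pw": pw, "uid": uid, "gid": gid,
                        "gecos": gecos, "home": home, "shell": shell})
    return records


def audit_records(records: List[Dict[str, str]]) -> List[str]:
    """Return one finding string per suspicious passwd entry."""
    findings = []
    for r in records:
        if r.get("malformed"):
            findings.append(f"malformed entry: {r['name']!r}")
            continue
        if r["uid"] == "0" and r["name"] != "root":
            findings.append(f"extra UID-0 account: {r['name']}")
        if r["pw"] == "":
            findings.append(f"empty password field: {r['name']}")
        elif r["pw"] not in SHADOWED_OR_LOCKED:
            findings.append(f"password hash stored in passwd, not shadow: {r['name']}")
    return findings


def check_mode(path: str = "/etc/passwd") -> List[str]:
    """Flag ownership and write permissions that would let a non-root user
    edit the file (the precondition for the escalation in this lab)."""
    try:
        st = os.stat(path)
    except FileNotFoundError:
        return [f"{path} not found"]
    findings = []
    if st.st_mode & stat.S_IWOTH:
        findings.append(f"{path} is world-writable")
    if st.st_mode & stat.S_IWGRP:
        findings.append(f"{path} is group-writable")
    if st.st_uid != 0:
        findings.append(f"{path} is not owned by root (uid {st.st_uid})")
    return findings


if __name__ == "__main__":
    # Audit the constructed sample, then the permissions of the live file.
    for finding in audit_records(parse_passwd(SAMPLE_PASSWD)):
        print("SAMPLE:", finding)
    for finding in check_mode("/etc/passwd"):
        print("LIVE:", finding)
```

Run on the constructed sample, the script reports the extra UID-0 account, the hash stored in passwd, and the empty password field; pointed at the live file, `check_mode` reports nothing on a correctly configured host (root-owned, mode 0644). The same checks map directly onto remediation: restore `root:root 0644` on /etc/passwd, remove any UID-0 entry other than root, and make sure every password field is `x` so that hashes live only in /etc/shadow.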