Task 1: Importing the OVA and Setting up the Environment

Warning!

Make sure to follow the instructions carefully and do not restart the Ubuntu box; if it is restarted, you will have to re-import.

Step 1

• Import the OVA by double-clicking it. Make sure to deselect the USB Controller setting, click Import, and configure the provided OVA file.

Step 2

• Set the Kali VM and imported Ubuntu box on the same internal network.

Step 3

• Manually configure the IP address of the Ubuntu VM to match the Kali box IP address. Log in with the weak user and enter the password 123123.

Step 4

• You will add a static IP address in the same subnet as your Kali box. Click Save once the IP address is set. You will need to use the admin password, Pa$$w0rd, to make the change.

Step 5

• Verify the communication between both boxes.

Task 2: Linux Remote PE via Dirty COW Kernel Exploit

Step 1

• Use Nmap to scan the network for the Ubuntu machine’s IP.
• Note: You will notice an open port as well.

Step 2

• In Kali, use SSH to connect to the Ubuntu machine and see if you can navigate to the root directory. Use weak for the username and 123123 as the password.

Step 3

• The exploit is in weak’s home directory and is called exploit.cpp, which can be listed with ls.

Step 4

• Compile the file and execute it. Use cat to inspect the Dirty COW exploit and learn how to compile it.
• Note: You will need to change -std=c++11 to 0x and the .cpp file to exploit.cpp.

g++ -Wall -pedantic -O2 -std=c++0x -pthread -o dcow exploit.cpp -lutil

Step 5

• Execute the exploit with the -s flag to elevate privileges and obtain root permissions. Use the whoami command to see your current account.

./dcow -s

Step 6

• Navigate to the home directory and display the contents with list.

Step 7

• Run cat secret-file.txt