Nancurinir exploit - Robertsegee/SEC335 GitHub Wiki
In this lab we targeted a new machine with various obstacles. The first step was to find the IP, for which I used a DNS resolver program that I made. The next step was to run an nmap scan to discover what ports and services were running. The only thing that was running was HTTP, which meant we could not SSH into the machine. The next step was to navigate to the website and see what I could do. Using information from the hint, I was able to log in and navigate the website.

Then I was tasked with attacking the box. After trying an RCE from exploit-db with no success, I used Metasploit and was guided as to what to do by a classmate. After setting all the parameters in Metasploit, I ran it and was able to get into the machine.

Then I ran the find command along with some parameters to locate some world-writable files. I then noticed that /etc/passwd was writable, so I began to do that. After accidentally overwriting /etc/passwd, I used the echo command to add my own root account to the file and was then successfully able to achieve root access through that account.
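
From the defender's side, the condition described above (a world-writable /etc/passwd and an extra UID 0 account) can be audited with a short script. This is an added example, not part of the original write-up; the function names are hypothetical, and the file path is a parameter so the check can be run against a copy.

```sh
#!/bin/sh
# Added example: audit a passwd-format file for the weakness in this lab.
# All function names are illustrative; the default target is /etc/passwd.

# Print the path if "other" users have write permission on it.
world_writable() {
    find "$1" -prune -perm -0002 -print 2>/dev/null
}

# Print every account that has UID 0 but is not named "root".
extra_uid0() {
    awk -F: '!/^#/ && NF && $3 == 0 && $1 != "root" { print $1 }' "$1"
}

# Print accounts whose password field is empty or holds a value directly,
# instead of the usual "x", "*" or "!..." placeholders.
inline_passwords() {
    awk -F: '!/^#/ && NF && $2 != "x" && $2 != "*" && $2 !~ /^!/ { print $1 }' "$1"
}

# Run all three checks; returns 1 if anything was reported, 0 if clean.
audit_passwd() {
    f="${1:-/etc/passwd}"; rc=0
    if [ -n "$(world_writable "$f")" ]; then
        echo "FINDING: $f is writable by any user"; rc=1
    fi
    for u in $(extra_uid0 "$f"); do
        echo "FINDING: non-root account with UID 0: $u"; rc=1
    done
    for u in $(inline_passwords "$f"); do
        echo "FINDING: password value or empty field in passwd: $u"; rc=1
    done
    return "$rc"
}

# Run only when a path is given on the command line.
if [ "$#" -gt 0 ]; then
    audit_passwd "$1"
fi
```

A clean system prints nothing and exits 0; on most distributions the expected mode for /etc/passwd is 644 with root as owner.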