Skip to content

Latest commit

 

History

History
71 lines (43 loc) · 1.67 KB

REPORT.md

File metadata and controls

71 lines (43 loc) · 1.67 KB
Raw

[VH] The Planets: Earth


Client Details

Machine: The Planets: Earth
- file: Earth.ova
- size: 2GB

Type: Virtual Box Archive (.ova)



Lets start the pentest!!

find step-by-step pentest notes here


Reconnaissance

  • Netdiscover Scan

    • cmd: sudo netdsicover
    • netdiscover scan results

  • Nmap Scan

    • cmd: nmap -sC -sV -A -o nmap.log 192.168.1.5
    • full nmap scan results

  • Gobuster Scan

    • cmd: gobuster dir -u http://earth.local/ -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -o gobuster.log
    • gobuster scan results

  • Found https://terratest.earth.local > /robots.txt > /testingnotes.txt > /testdata.txt


Gaining Access

  • Got website login creds (for http://earth.local/admin/login):

    • username: terra
    • password: earthclimatechangebad4humans

  • Successfully logged into Admin Command Tool!

  • Successfully got a Reverse Shell!!

  • Found /var/earth_web/user_flag.txt > [user_flag_3353b67d6437f07ba7d34afd7d2fc27d]

  • Found a vuln binary: /usr/bin/reset_root

  • Root Credentials:

    • username: root
    • password: Earth

  • Found /root/root_flag.txt > [root_flag_b0da9554d29db2117b02aa8b66ec492e]


Conclusion

  • Currently we have full root privilages
  • Next things to try:
    • maintaining access
    • clearing tracks

HAPPY HACKING ;)