NullByte — VulnHub — Solution

Kamran Saifullah
Jul 28, 2019

This is a walkthrough of the NullByte machine from VulnHub, which can be downloaded from the link below.

https://www.vulnhub.com/entry/nullbyte-1,126/#

Begin

First, we need to find the IP address of the target machine.

Once we have the IP address, we run a quick Nmap scan.

The Nmap scan revealed 3 ports: 80, 111 and 777. Next, I tried Dirb to find some directories.

We found a “phpmyadmin” directory. Let’s try Nikto.

Nikto reveals the same. On opening the IP in the browser, we have:

We have an image! I have been doing lots of steganography and I have never left any page unturned, so I quickly ran strings on this image.

This seems to be something different. So I used it as a directory name, and we are presented with a new page.

Checking the source code reveals:

So we have to guess the password. I started guessing, trying “admin, password, 123, princess, rockyou, binary, Admin, police, elite”, and elite was the right key.

This page seems to query the database for the username, so I entered my name to check what it reveals.

On sending NULL input, 2 usernames were revealed!

So I looked at the URL and decided to run SQLmap.

Well it looks like this :))

The database names were revealed, so I looked at these one by one.
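Why an empty search lists every user, and how the lookup should be written instead, shown as an added example (not code from the target application or from this walkthrough). It assumes the page builds a `LIKE` query by string concatenation; the table, columns, helper names and the second username are constructed, and SQLite stands in for the target's database.

```python
import sqlite3

def make_db():
    # Constructed sample data; schema and the second user are assumptions.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, user TEXT)")
    db.executemany("INSERT INTO users (user) VALUES (?)",
                   [("seth",), ("user2",)])
    return db

def search_concat(db, name):
    # Weak form: the input becomes part of the SQL text itself.
    # Empty input turns the pattern into '%%', which matches every row.
    sql = ("SELECT user FROM users WHERE user LIKE '%" + name +
           "%' ORDER BY id")
    return [row[0] for row in db.execute(sql)]

def search_bound(db, name):
    # Hardened form: reject empty or oversized input, escape LIKE
    # wildcards, and pass the value as a bound parameter (data only).
    if not name or len(name) > 32:
        return []
    esc = (name.replace("\\", "\\\\")
               .replace("%", "\\%")
               .replace("_", "\\_"))
    sql = "SELECT user FROM users WHERE user LIKE ? ESCAPE '\\' ORDER BY id"
    return [row[0] for row in db.execute(sql, ("%" + esc + "%",))]

def probe(db, search, name):
    # Regression check: a quote in the input must never reach the SQL
    # parser. A database error here means the query is injectable.
    try:
        return search(db, name)
    except sqlite3.Error as exc:
        return "SQL error: " + type(exc).__name__

if __name__ == "__main__":
    db = make_db()
    for value in ["", "%", "set", "se'th"]:
        print(repr(value),
              "| concat:", probe(db, search_concat, value),
              "| bound:", probe(db, search_bound, value))
```

A database error on a single quote is the signal an automated scanner keys on; with the bound version the same input is just a name that matches nothing.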

As “seth” had revealed the password, I moved on to cracking it. It was base64 encoded.

Using hashkiller.co.uk, I was able to decrypt the password.

Now it was time to log into the machine via SSH.

Yes, we are in. Now we need to look at what’s going on inside.

On checking the bash history, I found that ‘/var/www/backup’ was accessed and the procwatch file was run.

On running procwatch, I found that two files were being checked, “ps” and “sh”. In order to gain root access, I did the following and ran procwatch.

As I was root now, I had to grab the flag and we are done!

Method 2

The second method of hacking this machine is to log into phpMyAdmin, grab the passwords of the users, and then follow the same steps until you are root.

Thanks!
