Vulnhub dpwwn: 1 Walkthrough

    Not to be the guy who says this is easy because everyone is somewhere on the ladder but this one is a pretty big softball. 

    The description states:  "This boot2root is a linux based virtual machine and has been tested using VMware workstation 14."  Works fine on VirtualBox which is what I used.

    This is part of a new batch of servers that were dumped overnight and I had a few minutes to spare.

    Kicking off with Nmap:

    Couple of options but I quickly move to MySQL and I attempt to login using root and [no password]:  

    I'm in.  I search for databases and I find:

    Moving over to SSH:

    While checking out the home directory for Mistic, I find:

    While hunting crontab, I find:

    I modify the script with a revers shell:

    With my handler setup, I wait for it to execute:

    It pops, I'm root, and I go for the flag! 

    Simple as long as you understand what crontab does.  If not, that's a new lesson learned.

    © 2020