FristiLeaks VulnHub walkthrough

hidepatidar
Oct 30, 2021


Download this box using this URL and deploy it on VirtualBox.

Now let's enumerate this box.

First, scan your network using the nmap command:

$ nmap -sn 192.168.1.1/24

We have the IP address 192.168.1.213. Let's scan this address with nmap:

$ nmap -v -p- 192.168.1.213

Let's check port 80. We find a simple web page that looks like this.

Let's brute-force directories with dirsearch or gobuster, whichever you prefer:

$ dirsearch -u 192.168.1.213

Now run a basic nikto scan and look at the result:

$ nikto -h 192.168.1.213

We see the PHP version PHP/5.3.3. This PHP version is vulnerable to CGI remote code execution; check this exploit using this link.

We found a new page in the web directory, so we try that first.

It is a new directory; let's see what content it holds.

But we don't have a username and password. Let's enumerate for them by looking at the page source.

We have a user; now enumerate for the password.

We have base64-encoded data; let's decode it using this tool.

We have a username and password, so let's try them.

We are logged in. Let's upload a shell on this page.

Now upload the shell and rename your shell.

Now start nc for the reverse shell; nc is a port listener.

Let's execute your shell.php.png file and see.

Wow :) we got a shell.
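The upload above succeeds with a file named shell.php.png, which points to an upload check that only looks at the final extension, while Apache's mod_mime can apply a handler to any extension in a multi-extension name. A defender-side check for such a form, as an added example that is not from the original walkthrough or the box's code; the allowlist, the script-extension set and the function names are assumptions:

```python
import os
import secrets

# Assumed policy for an image-upload form (not taken from the box's code).
ALLOWED_FINAL = {"png", "jpg", "jpeg", "gif"}
# Extensions a web server may map to a script handler (assumed list).
SCRIPT_EXTS = {"php", "php3", "php4", "php5", "phtml", "phar", "cgi", "pl", "py", "sh"}
PNG_MAGIC = b"\x89PNG\r\n\x1a\n"


def check_upload_name(filename):
    """Return (ok, reason) for a client-supplied upload filename."""
    name = os.path.basename(filename.replace("\\", "/"))
    if name != filename or "\x00" in name:
        return False, "path components or NUL byte in name"
    parts = name.lower().split(".")
    if len(parts) < 2 or not parts[0]:
        return False, "missing base name or extension"
    exts = parts[1:]
    if exts[-1] not in ALLOWED_FINAL:
        return False, "final extension not allowed"
    # Every extension counts, not only the last one, so inspect all of them.
    hit = [e for e in exts[:-1] if e in SCRIPT_EXTS]
    if hit:
        return False, "script extension '%s' before final extension" % hit[0]
    return True, "ok"


def stored_name(filename, content):
    """Server-side name: random stem plus the validated final extension."""
    ok, reason = check_upload_name(filename)
    if not ok:
        raise ValueError(reason)
    ext = filename.lower().rsplit(".", 1)[1]
    # Content check shown for PNG only; other types would need their own magic.
    if ext == "png" and not content.startswith(PNG_MAGIC):
        raise ValueError("content is not a PNG")
    return secrets.token_hex(16) + "." + ext
```

Storing uploads under the generated name, in a directory where the web server has no script handler enabled, removes the dependence on the client-supplied name altogether.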

See, we have a normal shell. Now convert it to a fully interactive shell using this link.

Now we have a problem with the terminal: it is blank. Don't worry about it: type wait, then type anything and press Enter, and see.

We have a note in the user's home directory, and we know this is a cron job service.

Now create a file in the tmp directory named runthis.

Now insert some content into the file. Because we know the file is executed every minute, let's get an admin shell using python.

Now start nc on port 4242 and see: we got a shell.

Now we have admin privileges, so let's enumerate the admin user.

We see a file for the user fristigod. Now open the whoisyourgodnow.txt file and see.

We have a hash; now crack this hash using a simple Python decoder:

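import base64, codecs, sys

# Reverse the string, undo ROT13, then base64-decode the result.
def encodeString(s):
    decoded = codecs.decode(s[::-1], 'rot13')
    return base64.b64decode(decoded)

# Usage: pass the encoded string as the first command-line argument.
cryptoResult = encodeString(sys.argv[1])
print(cryptoResult.decode())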

Now we have the password; let's try it on the fristigod user.

We have a binary file in a hidden directory; let's execute this binary as the fristi user.

Happy hacking :)

I know you enjoyed this journey.
