Friday, 17 March 2017

Sedna seduced!

I picked up Sedna and these were the steps:

Like any machine, starting with arp-scan:

arp-scan -l

The machine got detected at 192.168.137.152

Next, I concentrated on port 80 and running dirbuster it became clear that builderengine is running.

Doing a quick searchsploit for builderengine revealed exploit for arbitrary upload.

I uploaded a simple php rerverse shell and received reverse shell on listening port 443.

/var/html
cat flag.txt
bfbb7e6e6e88d9ae66848b9aeac6b289

Next, exploit for first overlayfs was tried but It failed
Checkeding exit code it gave me 255 but it was irrelevant.

Checking further, I saw that there was no "su" in /bin which could be the cause but I skipped to look other exploits.

For 14.04, the exploit apport worked just fine and root shell was achieved.

/root
cat flag.txt
a10828bee17db751de4b936614558305

There are two more flags, I am lazy so going to skip those...
(Maybe I will do that later...)