Hacker Fest: 2019 Walkthrough

Bymihir

Hacker Fest: 2019 is a part of series Hacker Fest. The author is Martin Haller. You can download this lab from Vulnhub.com

It’s an easy machine which can be exploited within 30 minutes. It’s a good machine for beginners.

Tools we will be using:

Network scanning and enumeration:
1. netdiscover
2. nmap

Exploitation and privilege escalation:
3. metasploit

Walkthrough

First we start by scanning the network using netdiscover.

PCS Systemtechnik GmbH is the name it shows for virtualbox.
Now we know the IP of the target machine, we will scan it using Nmap to look for any ports open or services running.
We see that on port 10000, Webmin 1.890 is running. Searching about it on google reveals that this particular version is vulnerable with a severity of 10. This exploit is also available on metasploit as mentioned on the site.
Now we shoot up metasploit and search for this exploit.
We will now assign RHOSTS, RPORTS, LHOST, and other things
After setting up all the things, it’s time to exploit. Webmin usually runs on root permissions, we verify our root access by passing the command id
 
 

Similar Posts

Google XSS Game

Bymihir

So Google has this xss game where you can practice or test your xss vulnerability skills. You will have to make your own xss payloads as per the scenario of the task and get through the levels. I have just found out this website and I’ll try to do it and post my solutions with…

Leave a Reply

Your email address will not be published. Required fields are marked *