VulnHub – Droopy

http, metasploit, privilege escalation, vulnhub
Greetings everyone! In today's post, I'll be attacking a system called Droopy, which I downloaded off of Vulnhub.com. Let's get started! Once we have the vulnerable machine booted up, we'll need to find out what IP address it has. For me, the machine is located at 10.10.1.11. Knowing this, we'll now scan it with Nmap to discover what ports are open and what services are running. As we can see, we only have port 80 to work with. But hey, that's more than fine. Right away, you may notice that Nmap picks up that the website is running on Drupal, which set off some red flags immediately! Perhaps the site is vulnerable to the drupalgeddon exploit? For now, let's open up a web browser and head to the website. Poking…

VulnHub – Quaoar

http, metasploit, privilege escalation, ssh, vulnhub
Happy Friday! In today's post, I'll be exploiting another system downloaded from VulnHub! This one is called Quaoar, so let's not waste any time and jump into it! When Quaoar is booted up, we are shown its IP address. For me, it was located at 10.10.1.10. Alright, let's boot up our attacking system and scan the target with Nmap. We get a few options back here! One port that sticks out is port 80, which is of course used for http. Knowing this, let's open up a web browser and head over to 10.10.1.10. So we do see a website up and running! Doing a little bit of exploring around the website, we have an option to click on a link which states "Click here to know what you need…

VulnHub – Basic Pentesting 2

privilege escalation, smb, ssh, vulnhub
In today's post, I'll be attacking a virtual machine downloaded from VulnHub called Basic Pentesting 2. I've previously posted two ways of exploiting a machine called Basic Pentesting, so it's only right that we try out the next machine in the series! The first thing we're going to do is locate the vulnerable machine on our network. We can do this by using a tool called netdiscover. Once we find it, we can start scanning! For me, the vulnerable machine is located at 10.10.1.11, so let's fire up nmap! Alright, looking at these results we can see there is a web server running, so let's browse to it and see what we find. Nothing here, really! But let's run a program called dirb to see if we can brute force…

VulnHub – Kioptrix Level 1

metasploit, remote access, searchsploit, smb, vulnhub
Greetings! I thought I would take a break from March Madness (go Duke!) to make a post about attacking another system downloaded from VulnHub. This one is called Kioptrix Level 1, so let's get started! I had some trouble getting Kioptrix to talk to my virtual network on VirtualBox, so I switched over to VMware. Let's boot up both our Kali system and the Kioptrix VM and see if we can find it on the network. We can run netdiscover on our attacking system to see what we have. There it is! Kioptrix is located at 192.168.64.159. Now let's scan it with nmap to see what services and ports are open. We have a few options here! The one that stands out to me is port 139, netbios-ssn. As…

VulnHub – Toppo

awk, privilege escalation, ssh, vulnhub
Good evening! In this post, I'll be exploiting another virtual machine that I downloaded from vulnhub.com. This one is called Toppo! This VM immediately caught my attention because of the name. For those unaware, Toppo is a character from Dragon Ball! No, he is not a Saiyan, but he proved to be quite the formidable foe in the Tournament of Power. But hey, who knows, maybe this VM was named Toppo for another reason. I, however, like to think that it was named after the future God of Destruction of Universe 11. Anyway, enough Dragon Ball talk, and let's get to it! Once the VM is booted up, we are given the IP address of the system. Alright, let's scan it with Nmap to see what services we have running.…

VulnHub – Basic Pentesting 1

ftp, metasploit, vulnhub
So I thought I'd change things up a bit from exploiting services in Metasploitable, and begin doing some vulnerable machines from VulnHub! The first one I'm going to be exploiting is called Basic Pentesting 1. It doesn't sound too difficult, so let's get started! Once both the vulnerable VM and our attacking system are booted up, we need to find the VM on our virtual network. Let's run netdiscover to see if we can find it. The VM has an address of 10.10.1.12. Perfect! Now let's scan it with Nmap. Hmm. ProFTPD is running on this system! Lucky for us, we just exploited this service in our Metasploitable box. However, we see that it has a different version number! Maybe Metasploit has an exploit for it? Let's check! The module…