This is my write-up for VulnOs:2 at Vulnhub.com.

About vulnhub.com

Vulnhub is a community driven website which provides access to sparring environments for aspiring or seasoned security professionals. They have a huge collection of virtual machines and networks which can be downloaded to work on your offensive or defensive CyberSec skills.

About VulnOS:2 (Description from the site)

Link to VulnOS:2

VulnOS are a series of vulnerable operating systems packed as virtual images to enhance penetration testing skills

This is version 2 -

Smaller, less chaotic !

As time is not always on my side, It took a long time to create another VulnOS. But I like creating them. The image is build with VBOX. Unpack the file and add it to your virtualisation software.

Your assignment is to pentest a company website, get root of the system and read the final flag

NOTE : current keyboard preferences is BE “pentesting is a wide concept”

If you have questions, feel free to contact me on m4db33f@gmail dot com Shout out to the Vulnhub Testing team!

Hope you enjoy.

c4b3rw0lf is the author of this VM. He can be followed on twitter here.

About: This Write-up

This walk-through provides mostly the success path that I had taken to complete this VM. It does not include the many, many failure paths which lead me to frustrating dead-ends. It also does not include alternate ways to complete, which I am sure there are many.

Recommendation:

If you are starting out on your path to CyberSec learning, do not use this write-up to cheat yourself off the invaluable exercise and skills of trying to find the solution on your own. Attempt the box on your on to start with. If you get stuck at any stage for more than a couple of hours (or days), do refer this guide just enough to get you through the section you are stuck at.

Disclaimer:

All information, techniques and tools described in this write-up are for educational purposes only. Use anything in this write-up at your own discretion, I cannot be held responsible for any damages caused to any systems or yourselves legally. Usage of all tools and techniques described in this write-up for attacking individuals or organizations without their prior consent is highly illegal. It is your responsibility to obey all applicable local, state and federal laws. I assume and accept no liability and will not be responsible for any misuse or damage caused by using information herein.

My Lab Setup

I am running a Windows OS with Oracle Virtualbox installed. For this specific exercise, I have 2 virtual machines. The first is a Kali linux VM allocated with 4gb of RAM, 3vcpu and a 25gb hdd. The second is the virtual machine for VulnOS:2 . I am using the default resource allocation defined in the ova (which is 1vcpu and 768MB of RAM. I have created a host-only network with DHCP enabled attached to these VMs. I have further configured a firewall rule on my host machine’s to disallow any inbound or outbound traffic from this network. This is done to eliminate any noise from my host, and also to protect my host machine from the activities on these VMs. Begin by booting up both VMs.

For the sake of simplicity, from now on, I will be addressing the VulnOS:2 VM as the ‘target’.

Ground Rules

For the purposes of simulating a real-world scenario, the VulnOs : 2 VM will not be accessed directly via it’s VM console, nor would it’s operation be interrupted using virtualbox VM controls. The only way to access it, will be from the attack platform, which in my case is the Kali Linux VM.

Reconnaissance

Network & Host

To begin with, I need to find the target’s ip address. The kali VM’s ip address is 192.168.56.102. Running an nmap scan on the local subnet shows 4 devices on the network including the kali VM. 192.168.56.1 is the host machine & 192.168.56.100 is the virtualbox dhcp server. The final ip address 192.168.56.101, belongs to our target. The nmap scan also shows 3 open ports, 22 for ssh, 80 for http & 6667 for irc (or possibly any one of a huge list of threats). We see that all 3 ports are open and the target is possibly hosting a website/service.