Target machine ip is 192.168.56.102
Vintermute 1 can found on the vulnhub website.
We scan target machine with nmapAutomator.
we look login page into 3000 port.
System give a hint username and password.They are ‘admin’, ‘admin’. We login into page and we notice localhost extension that named /turning-bolo/
We connect target machine:80 port.
we press submit Query button.
There is LFI vulnerability on the website because url extension case but It is written in the text file as .log extension. This means it is lfi.
We inject php web shell command via smtp port. We use nc to send php file .
We check if the code works.
Code run on the target website. We try to add reverseshell.py
We open http server on 8080 for with wget download reverseshell.php
Reverse shell is ran the System
We download linpeas and run in the system. We see suid bit vulnerability.
We run the .sh file under the tmp directory.
We get a problem and we search in website. We find solution. As a result, we run the file. We get root
Error resolution
