VulnUni

Vulnerable VM image

CTF VM

This system was set up in a CTF with VirtualBox 6.1.

Download from VulnHub or magnet

Services

nmap shows that port 80 is open. I spidered the whole site with wget -r -np and found the following comments:

192.168.5.4/courses.html:                               <!-- Disabled till new version is installed -->
192.168.5.4/courses.html:                               <!-- <li class="nav-item"><a href="vulnuni-eclass-platform.html" class="nav-link">EClass Platform</a></li> -->
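
A site owner can run the same check on a mirrored copy before deployment. The following is an added example, not part of the original writeup: it lists every HTML comment and flags links that appear only inside commented-out markup. The names `scan`, `parse` and `SAMPLE` and the markup around the two quoted comments are constructed for illustration, and hrefs are compared as written, without URL normalisation.

```python
from html.parser import HTMLParser


class LinkAndCommentParser(HTMLParser):
    """Collects href values from live tags and the text of each comment."""

    def __init__(self):
        super().__init__()
        self.hrefs = set()
        self.comments = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name == "href" and value:
                self.hrefs.add(value)

    def handle_comment(self, data):
        self.comments.append(data.strip())


def parse(html):
    parser = LinkAndCommentParser()
    parser.feed(html)
    parser.close()
    return parser


def scan(pages):
    """pages maps path -> HTML. Returns (path, comment, hidden_hrefs) tuples,
    where hidden_hrefs are links found only inside commented-out markup."""
    parsed = {path: parse(html) for path, html in pages.items()}
    live = set().union(*(p.hrefs for p in parsed.values()))
    findings = []
    for path, p in parsed.items():
        for comment in p.comments:
            commented = parse(comment).hrefs  # re-parse the disabled markup
            findings.append((path, comment, sorted(commented - live)))
    return findings


# Constructed sample: the two comments are the ones quoted above,
# the surrounding markup is invented for the example.
SAMPLE = {
    "index.html": '<a href="courses.html">Courses</a>',
    "courses.html": '<ul><li><a href="index.html">Home</a></li>\n'
    "<!-- Disabled till new version is installed -->\n"
    '<!-- <li class="nav-item"><a href="vulnuni-eclass-platform.html" '
    'class="nav-link">EClass Platform</a></li> --></ul>',
}

if __name__ == "__main__":
    for path, comment, hidden in scan(SAMPLE):
        print(f"{path}: {comment!r} unlinked={hidden}")
```

Any comment reported with a non-empty unlinked list points at a page that is still reachable on the server even though the navigation no longer shows it.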

Footholds

There’s a published exploit for this site on exploit-db: https://www.exploit-db.com/exploits/48106

Using the information in the exploit, I was able to dump the usernames and passwords.

+----------+--------------+
| username | password     |
+----------+--------------+
| admin    | ilikecats89  |
| garris.e | hf74nd9dmw   |
| perez.s  | i74nw02nm3   |
| smith.j  | smith.j.1971 |
+----------+--------------+

Using the admin user, I activated the Video module in a class and uploaded a .php3 shell as a video.

Escalation

The system is vulnerable to Dirty COW (CVE-2016-5195).