FristiLeaks{VulnHub}

Gladi_47
May 11, 2023


Site = VULNHUB
Creator = Ar0xA
Difficulty = 🍕

Basic Summary:
Easy machine with multiple ways to root. I did only one, so we’re gonna cover that one. So, there’s a webpage open and that’s it. We have multiple directory mentions in robots.txt but nothing in those directories. Then in the /fristi directory, we get some credentials for the portal in /fristi. Then we can upload a shell and get our initial shell on the system. Afterwards it’s pretty easy, as we get guided mostly, and there’s a cronjob running from which we get credentials for another account on the system. And then from that account we have a binary through which we can run commands as root. And just like that we’re ROOT. [And for running this machine in VirtualBox you need to add ‘08:00:27:A5:A6:76’ as the MAC address.]

##QUICK LINKS

  1. Recon
  2. Web
  3. Initial foothold
  4. CronJob
  5. fristi
  6. RooT
  7. ADMIN {Bonus}

##RECON

80/tcp open http Apache httpd 2.2.15 ((CentOS) DAV/2 PHP/5.3.3)
| http-methods:
|_ Potentially risky methods: TRACE
|_http-server-header: Apache/2.2.15 (CentOS) DAV/2 PHP/5.3.3
| http-robots.txt: 3 disallowed entries
|_/cola /sisi /beer
|_http-title: Site doesn't have a title (text/html; charset=UTF-8).
MAC Address: 08:00:27:A5:A6:76 (Oracle VirtualBox virtual NIC)

##WEB

Visiting the web page, there’s an image.

robots.txt has the following entries:

/cola
/sisi
/beer

All of the above directories lead to anything but useful stuff.

Then just using the box name for directory checking, we stumbled upon the directory /fristi.

A simple portal; let’s check the source code.

A username, eezeepz, and a base64 image; let’s render the image.

eezeepz:keKkeKKeKKeKkEkkEk

Trying to log in, we’re presented with a picture upload page.

Wellll.. Let’s just upload a revshell.

##Initial access

And yes, it does check whether the uploaded file’s name ends with .jpg, etc., so just add .jpg at the end of your reverse shell’s file name.
And we’ve got a revshell.

Going to the /home directory, there are 3 {admin, eezeepz, fristigod}.

We only have access to eezeepz’s directory, so let’s check.

##CronJob RUNTHIS

Well to the /tmp/ directory we go!!!

##Fristigod

Checking whoisyourgodnow.txt, it looks like a fristigod-related file.

Looks like a reversed base64. But actually it also has rot13 in between the two. So: reverse ~> rot13 decode ~> base64 decode

Let’s try it for the fristigod account!

Let’s check for stuff.

##R00T

Let’s go to that doCom file.

It looks like a binary with which we can run commands as root.
Let’s try.

Using sudo -u to run as another user, and using the user fristi as mentioned in the sudo -l output.
Boom we’re root.

##Admin

Going back to admin’s directory, we also had a cryptedpass file; let’s check that.

Just a reversed base64.

And yes, it’s a password for admin’s account. Not like it matters now, but still.
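
The two decode chains described above, for whoisyourgodnow.txt (reverse ~> rot13 ~> base64) and for admin’s cryptedpass file (reverse ~> base64), as an added example that is not part of the original write-up. The function names and the sample secret are constructed for illustration; the box’s real file contents are not reproduced here.

```python
import base64
import codecs
from typing import Sequence

# Every layer is a keyless, reversible text transform: none of them is encryption,
# so read access to the file is the only thing protecting the secret.
def _reverse(s: str) -> str:
    return s[::-1]

def _rot13(s: str) -> str:
    return codecs.encode(s, "rot_13")  # rot13 is its own inverse

def _b64decode(s: str) -> str:
    # validate=True rejects characters outside the base64 alphabet
    return base64.b64decode(s, validate=True).decode("utf-8")

LAYERS = {"reverse": _reverse, "rot13": _rot13, "base64": _b64decode}

# Decode orders as described in the write-up.
FRISTIGOD_ORDER = ("reverse", "rot13", "base64")
ADMIN_ORDER = ("reverse", "base64")

def decode_layers(blob: str, order: Sequence[str]) -> str:
    """Apply the named decoding layers to blob, in order."""
    text = blob.strip()
    for name in order:
        text = LAYERS[name](text)
    return text

def encode_layers(secret: str, order: Sequence[str]) -> str:
    """Build a constructed sample: undo the decode order, last layer first."""
    text = secret
    for name in reversed(order):
        if name == "base64":
            text = base64.b64encode(text.encode("utf-8")).decode("ascii")
        else:
            text = LAYERS[name](text)  # reverse and rot13 are self-inverse
    return text

if __name__ == "__main__":
    secret = "Constructed-Sample-Secret"  # constructed, not from the box
    for label, order in (("fristigod-style", FRISTIGOD_ORDER),
                         ("admin-style", ADMIN_ORDER)):
        blob = encode_layers(secret, order)
        print(label, blob, "->", decode_layers(blob, order))
```

Applying the layers in the wrong order either raises a `ValueError` or yields unreadable text, which is why the first guess of “reversed base64” did not work on the fristigod file.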


Thanks for reading. Happy hacking 👏 😈.
