BrainPan — Vulnhub Walkthrough

ENUMERATION

  • 9999
  • 10000

EXPLOITATION

Before Running Script
After Running Script
Output of Fuzzing.py
pattern_create.rb metasploit-framework payload.
Offset.py
Registers overwritten
Exact match found at 524.
Inserting B’s at EIP.
EIP written with 42424242 = hex value of BBBB
Badchars.py
No bad chars. Nothing replaced by original hex
Mona instead of Moana
!mona modules
I found return address: 0x311712f3
breakpoint.py
breakpoint hit at JMP ESP.
payload.
part 1 overflow.py
part 2 overflow.py
  1. Padding added “\x90”*16 bytes
  2. IP address changed to our real target machine, instead of testing windows machine

PRIVILEGE ESCALATION

  1. I thought we either need to intrude some information from files in linux in Z: drive
  2. (or) I shifted to C: drive and tried windows escalation.
  1. Files in linux held nothing.
  2. C: drive was just a drive which seemed to be of windows, it had not capability of windows commands except some basic cmd commands, but no sensitive files.
plugnplay running
  1. Changing home directories of users : denied
  2. Uname -a : linux kernel info
compile dirtycow for 32 bit linux kernel
access to /etc/shadow

--

--

--

OSCP | CEH | Cyber Security Enthusiast.

Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

My OSCP Experience & Tips (I TRIED HARDER!!)

Stop crime before it happens

Evanesco ITO Date & Whitelist Campaign Rules

Honey Pot Project: An Analysis of Basic Scripted Attacks

A screen shot showing a large number of failed logins and lost or timed out connections. The log had thousands of these and collecting data on actual attacks required sifting through these failures.

Phishing Attacks: What Are They And How To Prevent Them?

phishing attacks

1 Thing You Must Do To Be 10 Times Wiser Than Your Village People

MetaVegas Wallet Service Open

Are Blockchain-based QR codes safe? (Part 27)

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Dhanishtha Awasthi

Dhanishtha Awasthi

OSCP | CEH | Cyber Security Enthusiast.

More from Medium

Shoulder Press Exercise Analysis using OpenCV and MediaPipe (with visualization)

CORS Error Got Your Site Down?

Launch DeFi Exchange like SushiSwap Using Sushiswap Clone

Using the SORA Ledger Application