VulnHub: Toppo: 1
Difficulty: Easy

This was a nice and easy lab to start breaking into these labs. Allows you to run through the basics of nmap, nikto and then figuring out how the easiest way to escalate to root once on the machine.

My first lab I attempted.

First step after booting all the VMs online, was to run a few nmap scans to find the host we needed to hit and what services it had open.

Once we had found the target, next step was to gather more information about open ports. We run nmap again, targetting the specific IP we want and scanning all ports this time.

This now gives a list of all the open ports on the target machine, we can use these ports in another nmap scan to get even further detailed information as to what may be running on these ports.

As we can see, SSH is on the default port, an Apache webserver on the default HTTP port, and two RPC ports. nmap tells us that the page that is on the HTTP port is a bootstrap based page. Lets load it up and have a look!

Nothing really interesting, time to use a tool to scan for interesting folders, nikto!

nikto shows us that the folders admin, img, mail and some others were found. Lets start with the admin folder, see if anything interesting exists here.

Well that sure is interesting. Password is simple enough, some numbers and a name. Lets try that name and the password in ssh.

Success! In the above we can also see what kernel is running and that the user we have access to can run awk as root. Lets use that to get a shell as root!

And there we have our flag that we are after.

This was a nice little entry into the NetSec labs on offer at VulnHub. It allowed us figure out how to use some basic tools and nothing too hard to figure out.