![]() ![]() This was different from anything else that I had streamed so far, but it was fun! To catch me live, be sure to follow me on Twitch! VulnHub Investigator Walkthrough – Conclusion If you’d rather watch the stream highlight rather than read all this text, then you can find it here. Next, I viewed all the messages, and saw a ‘Welcome’ message.įinally, when I opened the last message, I received my flag and finished this challenge! When I unlocked the device, I was able to go to the messaging application and see a hint about the flag. When attempting to open some apps on the device, something called AppLocker was stopping me.Īfter a few guesses and some thought, I realized that the secret key was positions to swipe for the AppLocker unlock code (259148637)! rw-rw- root sdcard_r 34 00:29 backdoor.php rw-rw- root sdcard_r 18 13:50 backdoor.php rw-rw- root sdcard_r 862 20:05 msmtp.cnf Next, I went to the web directory to see if there were any interesting files. I also glanced at the PHP server on port 8080, to see if there was anything useful there. ![]() Note: VirtualBox does not show the mouse cursor in Android VMs by default, so navigating can be quite difficult. With these files removed, I could manually interact with the device. Looking in the root directory, I found the flag.txt file which contained a clue for my next steps.Īgent "S" Your Secret Key ->259148637įirst, I removed the key files from the system directory to disable the screen lock protection. Next, surprisingly enough, I was able to escalate to root with the ‘su’ command! With ADB working, I used the shell command to get access to the device. * daemon not running starting now at tcp:5037Ĭonnected to ~/VulnHub/investigator# adb devices -lġ92.168.5.224:5555 device product:android_x86 model:VirtualBox device:x86 transport_id:1 Using ADB, I was able to successfully connect to the device. Processing triggers for libc-bin (2.31-2) ~/VulnHub/investigator# adb ~/VulnHub/investigator# apt-get install adb Since this was an Android device, I installed ADB to perform some remote debugging. When I tried to visit another page on the server, I received the same message. Port 8080 had a default website that mentioned a missing investigator. Nmap done: 1 IP address (1 host up) scanned in 104.43 seconds Stats: 0:01:44 elapsed 1 hosts completed (1 up), 0 undergoing Script Post-Scan OS CPE: cpe:/o:linux:linux_kernel:3 cpe:/o:linux:linux_kernel:4 |_http-title: Welcome To UnderGround Sector Service scan Timing: About 50.00% done ETC: 23:01 (0:00:36 remaining)Ĩ080/tcp open http PHP cli server 5.5 or later Stats: 0:00:43 elapsed 0 hosts completed (1 up), 1 undergoing Service Scan When I port scanned the device, I saw that ports 55 were open. ![]() Nmap done: 256 IP addresses (9 hosts up) scanned in 1.86 seconds MAC Address: 08:00:27:80:2F:57 (Oracle VirtualBox virtual NIC) Nmap scan report for pfSense.sanctuary (192.168.5.1) This time, it’s Investigator by Sivanesh Kumar, which you can download here Enumerationįirst, when I loaded the VM in VirtualBox, I saw that it was an Android device of some kind.įirst, I scanned my network looking for the target system. It’s time for another VulnHub write-up to follow-up my Sunset Midnight post! VulnHub Investigator Walkthrough – Introduction This time, my VulnHub Investigator Walkthrough is for hacking into an actual Android device.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |