top of page
This site was designed with the
.com
website builder. Create your website today.Start Now
    • Aug 12, 2022
    • 2 min read

Sick_OS 1.1 [vulnhub]→ walkthrough

We will be looking at how I can solve the Sick_OS 1.1 machine. In this machine we have to find the root flag. You can download the machine from this link SickOs: 1.1 ~ VulnHub

Tools used:

  • Arp-scan

  • Nmap

  • Dirb

  • Nikto

  • Netcat


Let’s Crack the Machine


Scanning:

  • Scanning the network and identifying the host IP address.

arp-scan -l

We found the host IP address 192.168.0.108 by using arp-scan.

Now we are using nmap for port enumeration.

nmap -A -p- 192.168.0.108

Here we have 3 ports open:

  1. ssh at port 22

  2. Http-proxy at 3128

  3. Closed http-proxy at 8080


To access the IP on the web we have to set our proxy as “192.168.0.108:3128” only then we can access the web page.


Now we will use nikto on the web page with a proxy.

nikto http://192.168.0.108/ -p 192.168.0.108:3128

Here we found the /robots.txt file and much more information but for now we are going to check robots.txt file.

From robots.txt we found the directory “/wolfcms


Now we check all possible link in the web page. After that we found a link “http://192.168.0.108/wolfcms/?” where we can fuzz for more web pages using dirb.

dirb http://192.168.0.108/wolfcms/? -p 192.168.0.108:3128

From fuzzing we found the admin page.


On the admin page we can use default credentials like “admin/admin”, after that we can see the

upload functionality which can be used for php-shell upload.


After that we have to find the directory where our shell is uploaded for that we again use dirb 

dirb http://192.168.0.108/wolfcms/ -p 192.168.0.108:3128

Here we have the /public/ directory which contains our shell script, now we can use netcat and establish the reverse shell.


now we have to start natcat listener and click the shell code we have uploaded earlier.

nc -nvlp 1234

Now we can check for the config.php file which contains sickos user password that is “john@123


After that we can switch to “sickos” user using password “john@123

su sickos

And when you switch to sickos we can check for the access sickos user have.

Now as we have root access, change the current directory to root directory.

cd /root

And cat the flag file.


5 views0 comments

Recent Posts

See All

Sick_OS 1.2 [vulnhub]→ walkthrough

We will be looking at how I can solve the Sick_OS 1.2 machine. In this machine we have to find the root flag. You can download the machine from this link SickOs: 1.2 ~ VulnHub Tools used: Arp-scan Nma

bottom of page