rw-rw- root sdcard_r 18 13:50 backdoor.php rw-rw- root sdcard_r 862 20:05 msmtp.cnf Next, I went to the web directory to see if there were any interesting files. I also glanced at the PHP server on port 8080, to see if there was anything useful there. Note: VirtualBox does not show the mouse cursor in Android VMs by default, so navigating can be quite difficult. With these files removed, I could manually interact with the device. Looking in the root directory, I found the flag.txt file which contained a clue for my next steps.Īgent "S" Your Secret Key ->259148637įirst, I removed the key files from the system directory to disable the screen lock protection. Next, surprisingly enough, I was able to escalate to root with the ‘su’ command! With ADB working, I used the shell command to get access to the device. * daemon not running starting now at tcp:5037Ĭonnected to ~/VulnHub/investigator# adb devices -lġ92.168.5.224:5555 device product:android_x86 model:VirtualBox device:x86 transport_id:1 Using ADB, I was able to successfully connect to the device. Processing triggers for libc-bin (2.31-2) ~/VulnHub/investigator# adb ~/VulnHub/investigator# apt-get install adb Since this was an Android device, I installed ADB to perform some remote debugging. When I tried to visit another page on the server, I received the same message. Port 8080 had a default website that mentioned a missing investigator. Nmap done: 1 IP address (1 host up) scanned in 104.43 seconds Stats: 0:01:44 elapsed 1 hosts completed (1 up), 0 undergoing Script Post-Scan OS CPE: cpe:/o:linux:linux_kernel:3 cpe:/o:linux:linux_kernel:4 |_http-title: Welcome To UnderGround Sector Service scan Timing: About 50.00% done ETC: 23:01 (0:00:36 remaining)Ĩ080/tcp open http PHP cli server 5.5 or later Stats: 0:00:43 elapsed 0 hosts completed (1 up), 1 undergoing Service Scan When I port scanned the device, I saw that ports 55 were open. Nmap done: 256 IP addresses (9 hosts up) scanned in 1.86 seconds MAC Address: 08:00:27:80:2F:57 (Oracle VirtualBox virtual NIC) Nmap scan report for pfSense.sanctuary (192.168.5.1) This time, it’s Investigator by Sivanesh Kumar, which you can download here Enumerationįirst, when I loaded the VM in VirtualBox, I saw that it was an Android device of some kind.įirst, I scanned my network looking for the target system. It’s time for another VulnHub write-up to follow-up my Sunset Midnight post! VulnHub Investigator Walkthrough – Introduction * ASSIGNED SERVICE.This time, my VulnHub Investigator Walkthrough is for hacking into an actual Android device. * IT IS "GOOD" TRAFFIC, NOR THAT IT NECESSARILY CORRESPONDS TO THE * * TRAFFIC IS FLOWING TO OR FROM A REGISTERED PORT DOES NOT MEAN THAT * * ENDORSEMENT OF AN APPLICATION OR PRODUCT, AND THE FACT THAT NETWORK * * ASSIGNMENT OF A PORT NUMBER DOES NOT IN ANY WAY IMPLY AN * The registration procedures for service names and port numbers areĪssigned ports both System and User ports SHOULD NOT be used without The "IESG Approval" process, or the "Expert Review" process, as per User Ports are assigned by IANA using the "IETF Review" process, According to Section 8.1.2 of, System Ports areĪssigned by the "IETF Review" or "IESG Approval" procedures described in Ports (49152-65535) the different uses of these ranges are described in Port numbers are assigned in various ways, based on three ranges: System Service names are assigned on a first-come, first-served process, as Services that run over transport protocols such as TCP, UDP, DCCP, and Service names and port numbers are used to distinguish between different Service Name and Transport Protocol Port Number Registry Last Updated Expert(s) TCP/UDP: Joe Touch Eliot Lear, Kumiko Ono, Wes Eddy, Brian Trammell,ĭCCP: Eddie Kohler and Yoshifumi Nishida Reference Note
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |