So I Pwned Pwndrive Academy
This is my first time practicing on pwntilldawn. I had to scan a range of IP addresses after firing my pwntilldawn OpenVPN config file. I had to pick some IP addresses as my targets, with pwndrive being one of them.
I started by firing nmap at the target. Initially, I made use of
nmap -T4 -p- -A <target>
but unfortunately it kept breaking, maybe because of a network issue, or maybe that is just how pwntilldawn works (it was my first time). So I used
nmap -p- <target> -vv
With -vv I could see how the scan was going in real time. I noted every discovered port down in case it stopped again, but it actually finished and gave me the list of open and filtered ports.
I picked a few low-hanging fruits among the ports and did a version scan on each of them using
nmap -p [ports] -sV <target ip>
After running it, I was able to get what I was expecting.
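The same two-stage scan, scripted as an added example (not from the original post): the full sweep is written to disk so the port list survives a dropped session, and the version scan is then run only against the ports the sweep found open. It assumes nmap is installed and that the target (a constructed 10.0.0.5 in the comments, not a pwntilldawn address) is reachable over the VPN.

```shell
#!/bin/sh
# Added example, not part of the original write-up.
# Assumption: nmap is installed; target is reachable over the pwntilldawn VPN.

# Extract the open TCP ports from a grepable (-oG) nmap file as a comma list,
# e.g. "80,445,3306". Each Ports entry looks like 445/open/tcp//microsoft-ds///
open_ports_from_gnmap() {
    grep '^Host:' "$1" \
      | tr ',' '\n' \
      | grep -o '[0-9][0-9]*/open/tcp' \
      | cut -d/ -f1 \
      | sort -n -u \
      | paste -sd, -
}

# Full TCP sweep with live progress (-vv). Results go to <target>.gnmap, so the
# discovered ports are on disk even if the session breaks part-way through.
full_scan() {
    nmap -p- -vv -oG "$1.gnmap" "$1"
}

# Version scan restricted to the ports the sweep actually reported open
# (no point spending -sV probes on filtered or closed ports).
version_scan() {
    ports=$(open_ports_from_gnmap "$1.gnmap")
    if [ -z "$ports" ]; then
        echo "no open ports recorded for $1" >&2
        return 1
    fi
    nmap -p "$ports" -sV -oN "$1.versions.txt" "$1"
}

# Usage: ./scan.sh <target>   (constructed example target: 10.0.0.5)
if [ $# -eq 1 ]; then
    full_scan "$1" && version_scan "$1"
fi
```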
I started my research on each of the selected ports to see if there are any known vulnerabilities associated with them, as well as their severity and available working exploits. Funny how I actually skipped checking port 445 first… SIGH. I started with other ports and found that some of them are vulnerable, but there is no public exploit available for others (these are my findings). I found an exploit for ports 80/443 (http/https) and 3306 (mysql).
Lastly, checking 445: boom, the version is vulnerable to the cute EternalBlue, but I had to verify whether it was patched or not.
I checked whether it was patched using the AutoBlue checker (you can also use Metasploit). As usual, it wasn’t patched, so I decided to use AutoBlue. A friend had advised me to get familiar with manual exploitation. However, it kept giving me some errors that I didn’t really understand, so I switched to Metasploit to exploit the vulnerability. I was prepared that, if it succeeded, I might have to escalate my privileges to get the flag.
Exploited successfully.
I navigated around until I got the flag… easy peasy… no need for privilege escalation.
I mentioned earlier that I tried using AutoBlue, but it wasn’t working as expected. Guess what? Hahaha, it was my fault, I think (90% sure), but I won’t tell you the mistake because it’s kind of funny and embarrassing. But lesson learned.
Thanks for sticking with me until the end.
For any suggestions or corrections, kindly reach out to me:
Twitter — callgh0st