
Web Hacking Chain reaction. We analyze the vulnerability from a forgotten comment to a complete compromise

S0URC3


In this article, we work through a long chain of obstacles on the way to the coveted root. Along the way, we will find vulnerabilities such as LFI and RCE, and escalate privileges in various ways. We will practice on the ch4inrulz: 1.0.1 virtual machine obtained from VulnHub.

VulnHub is a resource that provides operating system images whose services have vulnerabilities deliberately built in. By downloading such an image, anyone can gain experience in hacking or system administration.
The main points in brief
On the machine, we found FTP (which was not useful in our solution), SSH and two exposed web applications. Thanks to an LFI in one of them, we got hold of basic authentication credentials, behind which we found a service for uploading pictures. By uploading a malicious image and including it through the LFI, we obtained RCE. Next, we gained root privileges using the DirtyCow exploit. That's all! If you wish, you can download the virtual machine and try to do the same without peeking here.
 