BBS (CUTE) Vulnhub Write-Up
Hey there! Today we have another boot2root challenge, “BBS (CUTE)”, created by “foxlox”. It's an intermediate-level box, and here is the link where you can download this VM: https://www.vulnhub.com/entry/bbs-cute-102,567/
1.) Target Discovery
# netdiscover -i wlan0

Here we got the target IP, which is “192.168.1.9”.
2.) Port Scanning and Service Detection
For this job I used “NMAP”
# nmap -sT -p- -vv 192.168.1.9

We got many open ports on this VM. Let's go for HTTP.
3.) HTTP Enumeration

# gobuster dir --url http://192.168.1.9/ -x html,php,txt,js -w /wordlist.txt

With the help of “gobuster” I found the “index.php” file on the web server.

So there is a web application running on the web server, and if we look below the register button we find the version of the application, which is “2.1.2”, so the application is “CuteNews 2.1.2”.


And we have an exploit for this web application too, so I used exploit “48800” from “searchsploit”.
This exploit needs some minor changes, like the URL paths for the target web application.

Now all the changes are done and it's time to exploit the target web application.
4.) Capturing Reverse Shell

And we got the shell, but with this shell we cannot explore the whole VM. For that we need a proper Python shell, so I switched to a Python shell.

5.) Privilege Escalation
$ find / -perm -u=s -type f 2>/dev/null
The above command lists the binaries with the SUID bit set (they run with their owner's privileges), and one of them is “hping3”.
So it's time to exploit it.
$ hping3

“hping3” gave us root privileges. From here we can run any command as root; as you can see in the above image, we are able to read the “root.txt” flag in the root directory.
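
From the defender's side, the same find check can be run routinely and compared against a baseline, so that an unexpected SUID-root binary such as hping3 stands out. The script below is an added example, not part of the original write-up; the allowlist, the function names and the sample find output (including the hping3 path) are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: flag SUID-root binaries that are not in an expected baseline.
# ALLOWLIST is an assumed baseline for a minimal Debian install; tune it per host.
ALLOWLIST='/usr/bin/chfn
/usr/bin/chsh
/usr/bin/gpasswd
/usr/bin/mount
/usr/bin/newgrp
/usr/bin/passwd
/usr/bin/su
/usr/bin/sudo
/usr/bin/umount'

# Read one path per line on stdin (the output of the find command used above)
# and print every path that is not an exact match for an allowlist entry.
unexpected_suid() {
    while IFS= read -r path; do
        [ -n "$path" ] || continue
        # -F fixed string, -x whole line: /usr/bin/su must not match /usr/bin/sudo
        printf '%s\n' "$ALLOWLIST" | grep -Fxq -- "$path" || printf '%s\n' "$path"
    done
}

# Scan a live tree: SUID files owned by root, without crossing filesystems.
scan_suid() {
    find "${1:-/}" -xdev -user root -perm -4000 -type f 2>/dev/null | unexpected_suid
}

# Constructed sample of find output (paths are illustrative, not from the VM).
SAMPLE='/usr/bin/passwd
/usr/bin/su
/usr/sbin/hping3
/usr/bin/mount'

# Offline demo on the sample; on a real host run: scan_suid /
printf '%s\n' "$SAMPLE" | unexpected_suid   # → /usr/sbin/hping3
```

Anything the scan prints should be reviewed and, if the SUID bit is not needed, cleared with chmod u-s or the package removed.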
Challenge Completed !! :D