MyFileServer1 Walkthrough
MyFileServer1 is the best machine for beginners to learn enumeration. The author created this machine with OSCP and CTF concepts in mind. You can download it from vulnhub.com.
So let's start without wasting time.
Step 1: Network scanning with nmap
I used nmap to find the target's IP address; you can also use netdiscover for the same task. Here we get the IP address of our target: 192.168.43.205

Step 2: Port scanning
Here I'm also using nmap to scan the target's ports. I recommend nmap because it is fast and loaded with features. We find five services running on the target machine.

Step 3: Enumerating the web
First I enumerate the web service, so have a look by opening the target's IP address in your web browser.

Next we use a tool called nikto. In my opinion nikto is the best tool for quickly enumerating a web server.

Now we see something interesting: “readme.txt”. Let's see what's in it.

Bang, we really got something big. We now have a password, rootroot1, but we don't have a username, so for that we move on to the next step.
Step 4: Enumerating the Samba service
Now we enumerate the Samba service with smbclient -L //target ip

Here we find that smbuser could be a user, so without wasting time we proceed to FTP.
Step 5: Exploiting the vulnerability
Here we open an FTP session with the username “smbuser” and the password “rootroot1”, and it works. We are in.

Since we are in the home directory, we can create a .ssh directory and put our public key there to get a shell. First we generate a key.

After that we upload the public key to the server via FTP as authorized_keys.

Now we are almost done; we just have to open an SSH session using the private key.

Yo, we got a shell. Now it's time to move on to the next step.
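From the defender's side, the key upload in this step shows up in the FTP server's transfer log. The sketch below is an added example, not part of the original walkthrough: it assumes the server logs in the standard xferlog format, the function names are my own, and the log lines are constructed samples.

```python
from typing import List, NamedTuple, Optional

# Constructed sample lines in xferlog format (not captured from the target).
SAMPLE_LOG = """\
Mon Feb 17 10:02:11 2020 1 192.168.43.10 1204 /home/smbuser/notes.txt b _ o r smbuser ftp 0 * c
Mon Feb 17 10:05:42 2020 1 192.168.43.10 398 /home/smbuser/.ssh/authorized_keys b _ i r smbuser ftp 0 * c
Mon Feb 17 10:06:03 2020 1 192.168.43.10 2048 /home/smbuser/report.pdf b _ i r smbuser ftp 0 * c
Mon Feb 17 10:07:19 2020 1 192.168.43.10 0 /home/smbuser/.ssh/authorized_keys2 b _ i r smbuser ftp 0 * i
"""


class Transfer(NamedTuple):
    when: str        # timestamp as logged
    host: str        # remote client address
    path: str        # file that was transferred
    direction: str   # i = upload, o = download, d = delete
    user: str        # FTP account used
    complete: bool   # True if the transfer finished


def parse_xferlog(line: str) -> Optional[Transfer]:
    """Parse one xferlog line; return None if it is too short to be valid."""
    tok = line.split()
    if len(tok) < 18:          # 5 date tokens + 3 + filename + 9 trailing fields
        return None
    tail = tok[-9:]            # the fixed fields that follow the filename
    # Parsing from both ends keeps a filename containing spaces in one piece.
    path = " ".join(tok[8:-9])
    return Transfer(" ".join(tok[:5]), tok[6], path,
                    tail[2], tail[4], tail[8] == "c")


def ssh_key_uploads(log_text: str) -> List[Transfer]:
    """Return every upload, finished or not, that landed inside a .ssh directory."""
    hits = []
    for line in log_text.splitlines():
        t = parse_xferlog(line)
        if t and t.direction == "i" and ".ssh" in t.path.split("/"):
            hits.append(t)
    return hits


if __name__ == "__main__":
    for t in ssh_key_uploads(SAMPLE_LOG):
        state = "complete" if t.complete else "incomplete"
        print(f"{t.when} {t.user}@{t.host} uploaded {t.path} ({state})")
```

An account that can log in over FTP should not be able to write to ~/.ssh at all, so any hit from this check deserves a look.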
Step 6: Becoming superuser
If you remember, we still have the password “rootroot1”, so we can try it for root as well.

And great, we are root now with the same password. You can also exploit the kernel or sudo; there are still many ways to become root. Now it's time for proof.txt.

So now we have completed the challenge, and we have a root shell.