Hey folks!! Today I have another boot2root challenge to solve, named Odin. Odin 1 is an easy-level virtual machine created by ‘Bjorn’, so without any further ado let's start hacking.
Here is the link to download this VM: https://www.vulnhub.com/entry/odin_1,619/
1.) Target Discovery
‘# netdiscover -i wlan0’
The IP address of our target machine is ‘192.168.1.8’.
Before starting, don't forget to add the IP address to your /etc/hosts as ‘odin’.
Example: 192.168.1.8 odin
2.) Port Scanning and Version Detection
‘# nmap -sT -p- -vv 192.168.1.8’
Only port 80 is open on the VM, which means HTTP.
3.) HTTP Enumeration
It's a WordPress installation on the VM, and with some manual enumeration I got the right user, which is ‘admin’.
Then I used the ‘wpscan’ tool to brute-force the password for the user:
‘# wpscan --usernames admin --passwords pass.txt --url http://odin/ --password-attack wp-login’
And got the credentials ‘admin:qwerty’.
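Added here as the defensive counterpart to the wpscan password attack above (example code, not part of the original write-up): a small Python detector that reads web server access-log lines and flags clients sending bursts of POSTs to wp-login.php that come back with HTTP 200 (WordPress re-renders the login form on a failed attempt, while a successful login redirects with 302). The log lines are constructed for the example; the IPs, paths and thresholds are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# Apache/nginx combined-format line: client IP, timestamp, request line, status.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3})')
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

def parse_line(line):
    """Return (ip, datetime, method, path, status), or None if the line does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ip, ts, method, path, status = m.groups()
    return ip, datetime.strptime(ts, TS_FMT), method, path, int(status)

def detect_wp_login_bruteforce(lines, threshold=10, window_seconds=60):
    """Flag clients whose POSTs to wp-login.php answered with HTTP 200 (a failed
    WordPress login re-renders the form; success redirects with 302) reach
    `threshold` inside any sliding window of `window_seconds`.
    Returns {ip: peak_failed_attempts_in_window} for flagged clients only."""
    failures = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # skip malformed lines rather than crash on them
        ip, when, method, path, status = rec
        if method == "POST" and path.split("?")[0].endswith("/wp-login.php") and status == 200:
            failures[ip].append(when)
    flagged = {}
    for ip, times in failures.items():
        times.sort()
        start, peak = 0, 0
        for end, t in enumerate(times):          # sliding window over sorted timestamps
            while (t - times[start]).total_seconds() > window_seconds:
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            flagged[ip] = peak
    return flagged

# Constructed sample log (not from the original post): one client hammering
# wp-login.php for 30 seconds, another client logging in once normally.
SAMPLE_LOG = [
    '192.168.1.5 - - [10/Oct/2021:10:00:00 +0000] "GET /wp-login.php HTTP/1.1" 200 1200',
    '192.168.1.5 - - [10/Oct/2021:10:00:05 +0000] "POST /wp-login.php HTTP/1.1" 302 0',
] + [
    f'192.168.1.9 - - [10/Oct/2021:10:01:{i:02d} +0000] "POST /wp-login.php HTTP/1.1" 200 3400'
    for i in range(30)
]

if __name__ == "__main__":
    print(detect_wp_login_bruteforce(SAMPLE_LOG))  # {'192.168.1.9': 30}
```

On a real server, feed it the lines of the access log and tune the threshold to the site's normal login rate; the hint for a compromised account is a 302 from the same client right after a long run of 200s.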
4.) The Shell
I used Metasploit and, after making the required changes, got the shell.
5.) Privilege Escalation
When I read the ‘wp-config.php’ file to get the password, I found something interesting in it.
There is a root user password (encrypted) in the file, so I copied that password hash and cracked it with the help of JohnTheRipper.
I cracked the root password, which is ‘jasmine’.
Then I switched to the root user and finally got root privileges.
Got the root flag. In the root directory the final flag was in the ‘bjorn’ file.
ROOTED :) !!