ShellDredd #1 Hannah: Walk-Through
Today I’m going to solve a boot 2 root challenge on a new machine, “ONSYSTEM: #1 ShellDredd”, created by d4t4s3c. It’s a simple and easy machine for beginners. The machine can be downloaded here: https://www.vulnhub.com/entry/onsystem-shelldredd-1-hannah,545/
1.) Target Discovery By NMAP
“# nmap -sn 192.168.43.1/24”

Here we got our target’s IP address: 192.168.43.11
2.) Nmap Port Scanning
“# nmap -sS -sV -p- -vv 192.168.43.11”

3.) FTP Enumeration
Two ports are open here: one is FTP and the other is SSH, running on port 61000. As FTP is my favourite port, I tried to enumerate it first with an anonymous login.

4.) SSH Shell
Anonymous login is allowed on this machine and, as we can see, I got an “id_rsa” private key file in the “hannah” folder. This means there is a user named “hannah” whose private key is placed here.
“# ssh -i id_rsa hannah@192.168.43.11 -p 61000”

We tried to make an SSH connection with that key file and we got the SSH shell.

5.) Privilege Escalation
Now it’s time for privilege escalation. I searched the filesystem for every file that has the SUID bit set.
“$ find / -perm -u=s -type f 2>/dev/null”
I found a SUID file named “cpulimit”; through this file we can run any command as super user. Using it, I copied the /bin/bash file to hannah’s home directory and executed it as super user.
“$ ./bash -p”


And I got the root shell as well as the root flag. The challenge is completed successfully.
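From the defender's side, the same find search used in step 5 can be run as a baseline audit that reports setuid files the system is not expected to have. This is an added example, not part of the original walkthrough: the allowlist entries, the demo directory layout and the /usr/bin/cpulimit path are constructed assumptions.

```shell
#!/bin/sh
# Added example: report setuid files that a baseline does not expect.
# The allowlist and the demo tree are constructed, not taken from the VM.

# audit_suid ROOT ALLOWLIST
# Lists every setuid regular file under ROOT whose path (relative to ROOT)
# is not an exact line in ALLOWLIST. Setuid files in user-writable areas
# are marked CRITICAL, since a setuid shell copy typically ends up there.
audit_suid() {
    root=$1
    allow=$2
    find "$root" -xdev -type f -perm -u=s 2>/dev/null | sort |
    while IFS= read -r f; do
        rel=${f#"$root"}                      # strip the audit root prefix
        if ! grep -Fxq -- "$rel" "$allow"; then
            case $rel in
                /home/*|/tmp/*|/var/tmp/*) echo "CRITICAL $rel" ;;
                *)                         echo "UNEXPECTED $rel" ;;
            esac
        fi
    done
}

# build_demo_tree DIR
# Constructed layout: one expected setuid binary, one unexpected one,
# one setuid bash copy in a home directory, one ordinary binary.
build_demo_tree() {
    d=$1
    mkdir -p "$d/usr/bin" "$d/home/hannah"
    for f in usr/bin/passwd usr/bin/cpulimit usr/bin/ls home/hannah/bash; do
        : > "$d/$f"
    done
    chmod 4755 "$d/usr/bin/passwd" "$d/usr/bin/cpulimit" "$d/home/hannah/bash"
    chmod 0755 "$d/usr/bin/ls"
    printf '%s\n' /usr/bin/passwd /usr/bin/su > "$d/allow.txt"
}

# demo: build the constructed tree, audit it, clean up.
demo() {
    t=$(mktemp -d)
    build_demo_tree "$t"
    audit_suid "$t" "$t/allow.txt"
    rm -rf "$t"
}

demo
```

On a real host, call audit_suid with / as the root and an allowlist generated from a known-good install of the same distribution.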