THM Walkthrough – Vulnversity Part 1

I am back with my favorite type of blog, a walkthrough of a THM machine. In this machine we will learn about active recon, web app attacks and privilege escalation. We will also learn how to attack using Burp Suite Intruder.

Task 1: Deploy the machine 

Got connected to the THM server and OpenVPN servers and deployed the Vulnversity machine.

Task 2 : Reconnaissance

Using Nmap for this with the command: nmap -T4 -sC -sV -vv <IP>

As we can see here in the Nmap scan results,
• We found 6 open ports.
• Squid http-proxy is open on port 3128
• http is open on port 3333
• The OS is Ubuntu Linux
As FTP is open on port 21, let's try to connect:

Both of them are password protected. So we should try other ways.
From the Nmap scan we also learned that HTTP is running on port 3333. Let's browse it to find out what we have:

Task 3: Locating directories using GoBuster

Now that we have access to a website, let's start scanning it to find any hidden directories. This machine requires us to use the GoBuster tool for that, but you can use any other tool. Check out my Rick & Morty blog, where I used the dirbuster tool for the same purpose.

GoBuster is a tool used to brute-force URIs (directories and files), DNS subdomains and virtual host names. For this machine, we will focus on using it to brute-force directories.

If you are like me and don't have gobuster installed on your system, download GoBuster here, or run sudo apt-get install gobuster

But when I tried to install it, I was having the following issues:

I tried to troubleshoot by checking and adding source repositories to the sources file /etc/apt/sources.list (they can be found here: https://www.kali.org/docs/general-use/kali-linux-sources-list-repositories/)

But again, I got the same error message. Then I thought of cloning it from the git repository.

Still it was not getting installed. Upon investigating further, I got to know that my system was lacking the Go language.

Since this tool is written in Go language we need to install the Go language/compiler/etc. Full details of installation and set up can be found on the Go language website. Once installed, we need at least go 1.16.0 to compile gobuster.

This is one way to do it, or you can go directly to https://github.com/OJ/gobuster/releases and install the latest release (at the time of writing this blog, I have used this: gobuster-all.7z), which comes with everything we need to make gobuster work, like the Go language and compiler.

Finally got my Gobuster installed and running:

Now, to get started with the directory search, we will need a wordlist for GoBuster, which will quickly go through the wordlist to identify whether a public directory is available. If you are using Kali Linux, you can find many wordlists under /usr/share/wordlists.

Command: gobuster dir -u http://<IpAddress>:<Port> -w <Path To Wordlists>

gobuster dir -u http://10.10.135.231:3333 -w /usr/share/wordlists/dirb/common.txt

dir: uses directory/file brute forcing mode

-u: the target URL or domain

-w: path to word list
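
What a wordlist scan like this looks like from the web server's side, as an added example that is not part of the original walkthrough: a small detector that flags clients requesting many distinct paths and mostly receiving 404s. The combined access-log layout, the thresholds and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Common/combined access-log layout (assumed; adapt the regex to your server).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"[A-Z]+ (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

def find_dir_bruteforce(lines, min_paths=5, min_404_ratio=0.7):
    """Flag clients that request many distinct paths and mostly receive 404s,
    the pattern a wordlist-driven directory scan leaves in the access log."""
    stats = defaultdict(lambda: {"total": 0, "not_found": 0,
                                 "paths": set(), "found": set()})
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # ignore malformed lines instead of failing
        s = stats[m["ip"]]
        s["total"] += 1
        s["paths"].add(m["path"])
        status = int(m["status"])
        if status == 404:
            s["not_found"] += 1
        elif status < 400:
            s["found"].add(m["path"])  # paths the scan confirmed to exist
    flagged = {}
    for ip, s in stats.items():
        ratio = s["not_found"] / s["total"]
        if len(s["paths"]) >= min_paths and ratio >= min_404_ratio:
            flagged[ip] = {"requests": s["total"], "ratio_404": round(ratio, 2),
                           "discovered": sorted(s["found"])}
    return flagged

# Constructed sample: 203.0.113.50 walks a wordlist, 198.51.100.7 browses normally.
_WORDS = ["admin", "backup", "cgi-bin", "config", "db",
          "internal", "login", "old", "test", "tmp"]
SAMPLE = [
    f'203.0.113.50 - - [01/Jan/2024:10:00:{i:02d} +0000] "GET /{w} HTTP/1.1" '
    f'{301 if w == "internal" else 404} 0 "-" "-"'
    for i, w in enumerate(_WORDS)
] + [
    '198.51.100.7 - - [01/Jan/2024:10:01:00 +0000] "GET / HTTP/1.1" 200 512 "-" "-"',
    '198.51.100.7 - - [01/Jan/2024:10:01:01 +0000] "GET /css/style.css HTTP/1.1" 200 90 "-" "-"',
    '198.51.100.7 - - [01/Jan/2024:10:01:02 +0000] "GET /favicon.ico HTTP/1.1" 404 0 "-" "-"',
]

if __name__ == "__main__":
    for ip, info in find_dir_bruteforce(SAMPLE).items():
        print(ip, info)
```

The "discovered" field lists the paths that did not return an error to the flagged client, which tells a defender which hidden directories the scan exposed and should be reviewed first.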

After checking all these results, I found something interesting on the /internal page.

Yes, your guess is right…!!! It's a file upload vulnerability.

In this part of the blog, I have completed Tasks 1, 2 & 3 of the Vulnversity machine.

In the next part we will learn how to compromise the web server. We will also use the application security testing tool Burp Suite, and I will show you the step-by-step process to execute a Burp Suite Intruder attack, so we can compromise Vulnversity's web server and get the user flag. It will be interesting, so stay tuned for the next part. Until then, Happy Hacking…!!!