Vulnhub:R-temis:1 walkthrough.
Hi all, in this walk-through I show how to get root on the box R-temis:1 from VulnHub.
This is really a simple machine. Let's start with an nmap scan.

I used dirb to enumerate the directories and files on the web server.

The contents of easy.txt are below: two Brainfuck programs, each followed by its decoded output.

+++++ +++++ [->++ +++++ +++<] >++++ +++++ +++++ .++.< +++[- >---< ]>---
---.+ +++++ ++.-- --.<+ ++[-> +++<] >+.<
rtemis

+++++ +++++ [->++ +++++ +++<] >++++ +++++ +++++ ++.<+ +++++ +[->- -----
-<]>- --..< +++++ ++[-> +++++ ++<]> +.<++ ++[-> ----< ]>.<+ ++++[ ->---
--<]> ----- ----. <++++ +++[- >++++ +++<] >++.. <
t@@rb@ss

So we have rtemis as the user and t@@rb@ss as the password. Let's SSH in using these.
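
The two programs in easy.txt are Brainfuck, and a small interpreter is enough to decode them. The Python below is an added example, not part of the original walkthrough; `run_brainfuck`, `USER_BF` and `PASS_BF` are names chosen here, and the program text is copied from the listing above.

```python
# Added example: minimal Brainfuck interpreter; ',' (input) is ignored, easy.txt never reads input.

def run_brainfuck(src: str, max_steps: int = 1_000_000) -> str:
    """Run Brainfuck source and return everything it prints."""
    code = [c for c in src if c in "+-<>[]."]  # other characters are comments
    jumps, stack = {}, []
    for i, c in enumerate(code):               # pre-match the brackets
        if c == "[":
            stack.append(i)
        elif c == "]":
            if not stack:
                raise ValueError("unmatched ']'")
            j = stack.pop()
            jumps[i], jumps[j] = j, i
    if stack:
        raise ValueError("unmatched '['")

    tape, ptr, pc, out = [0] * 30000, 0, 0, []
    for _ in range(max_steps):                 # step cap stops runaway loops
        if pc >= len(code):
            return "".join(out)
        c = code[pc]
        if c == "+":
            tape[ptr] = (tape[ptr] + 1) % 256  # 8-bit wrapping cells
        elif c == "-":
            tape[ptr] = (tape[ptr] - 1) % 256
        elif c == ">":
            ptr += 1
        elif c == "<":
            ptr -= 1
        elif c == ".":
            out.append(chr(tape[ptr]))
        elif c == "[" and tape[ptr] == 0:
            pc = jumps[pc]                     # skip the loop body
        elif c == "]" and tape[ptr] != 0:
            pc = jumps[pc]                     # repeat the loop body
        if not 0 <= ptr < len(tape):
            raise IndexError("data pointer left the tape")
        pc += 1
    raise RuntimeError("step limit reached")

# The two programs from easy.txt, copied from the listing above.
USER_BF = "+++++ +++++ [->++ +++++ +++<] >++++ +++++ +++++ .++.< +++[- >---< ]>--- ---.+ +++++ ++.-- --.<+ ++[-> +++<] >+.<"
PASS_BF = (
    "+++++ +++++ [->++ +++++ +++<] >++++ +++++ +++++ ++.<+ +++++ +[->- ----- -<]>- --..< +++++ ++[-> +++++ ++<]> "
    "+.<++ ++[-> ----< ]>.<+ ++++[ ->--- --<]> ----- ----. <++++ +++[- >++++ +++<] >++.. <"
)
if __name__ == "__main__":
    print(run_brainfuck(USER_BF), run_brainfuck(PASS_BF))
```
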

Now we are the rtemis user. The file ".bash_history" shows that the user somu can access MySQL, but for that we need a password.

I also viewed the contents of .mysql_history, and it gave me the root password. Let's try it.

I used the password mentioned for root and I got root access.

Flag:

And that's it. This is a very simple machine: no need to brute-force, no RCE, only enumeration.
Hope you like the walk-through.