SickOS 1.2 Walkthrough – Vulnhub

Name: SickOs: 1.2

Date release: 27 Apr 2016

Author: D4rk


Initial scan results show TCP 22 and 80 running SSH and lighttpd respectively.

Kicked off dirb and found a test folder.

Checked the options on the test folder…and saw that the server allows put.

Used the following command to put a php shell on the target. The command puts the php command into the shell.php file on the target.

curl -v -X PUT -d ‘<?php echo shell_exec($_GET[“cmd”]);?>’

Then tested for command execution.

Used the Python shell from pentestmonkey to get a reverse shell.

Privilege Escalation

Browsed through syslog and found chkrootkit running every minute or so.

chrookit version = 0.49

This looks promising 🙂 –

Following the exploit above…

and a few minutes later…

I completed this vm while studying for the OSCP and felt that it helped in the learning process. Thanks D4rk!

Leave a Reply