Nullbyte

This Vulnhub NullByte writeup walks you through the techniques required to root the box and capture the flag. Those techniques include:

-> Scanning -> Extract hidden data from image -> Brute force HTTP post form with hydra -> SQL injection with sqlmap -> Exploit PATH Environment Variables

Download the machine from Vulnhub and import it into VMware Workstation or VirtualBox.

1. Discover the Nullbyte machine IP

Command: #netdiscover

2. Scanning

Run a full nmap scan:

nmap -sS -sV -sC -p- 10.10.1.9 -oN nmap_nullbyte_fullscan

The scan shows that the HTTP, SSH and RPC ports (80/111/777) are open.

Save the image, then try web enumeration using nikto, dirb and gobuster.

Command:

nikto -h http://10.10.1.9

Check the phpMyAdmin web page.

Nothing was discovered on the phpMyAdmin page, and the default passwords do not work.

dirb http://10.10.1.9/

Nothing was identified using dirb.

Use gobuster for directory enumeration with the command below.

gobuster dir -u http://10.10.1.9 -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -x .php,.html,.txt,.sh,.bak,.js

Nothing was discovered using gobuster.

Finally, check the image that was saved initially, main.gif, using the tools below:

1. stegseek - if the tool is not installed, install it with apt install stegseek

2. steghide - if the tool is not installed, install it with apt install steghide

3. exiftool

Using exiftool, we discovered a key in the image. Use the key on the web page to enumerate further.

http://10.10.1.9/kzMb5nVYJw - try navigating to it in the browser, because this is not a username and password.

Possibly it is a web page. We can try.

We don't know the key, so we can use Burp Suite or hydra. Burp Suite is slow, so we try hydra with a wordlist.

Enter any key to capture the request, then use the captured request to build the hydra command that cracks the key.

Captured POST Request http://10.10.1.9/kzMb5nVYJw/index.php

Now we can use hydra to crack the key:

hydra -L /usr/share/wordlists/rockyou.txt -P /usr/share/wordlists/rockyou.txt 10.10.1.9 http-post-form "/kzMb5nVYJw/index.php:key=^PASS^:F=invalid"

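key=^PASS^ - the key field we need to enter; hydra substitutes each wordlist entry for ^PASS^

F=invalid - the failure string, i.e. the text in the error we get for a wrong key

http-post-form - the hydra module for a form submitted via POST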
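From the defender's side, the hydra run above appears in the web server's access log as a burst of POSTs from one client to one form. The following Python detection is an added example, not part of the original writeup; the log lines, the client addresses 10.10.1.50 and 10.10.1.20, the 200 status on failed guesses and the threshold/window values are constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Apache/Nginx "combined" access-log prefix: ip - - [time] "METHOD path proto" status
LOG_RE = re.compile(r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})')

def find_form_bruteforce(lines, threshold=5, window=timedelta(seconds=10)):
    """Return {(ip, path): peak count} for clients that sent at least
    `threshold` POSTs to one path within any sliding `window`.
    Lines must be in chronological order, as in an access log."""
    recent = defaultdict(deque)  # (ip, path) -> timestamps inside the window
    peaks = {}
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        key = (m["ip"], m["path"].split("?", 1)[0])  # ignore any query string
        q = recent[key]
        q.append(ts)
        while ts - q[0] > window:  # drop requests older than the window
            q.popleft()
        if len(q) >= threshold:
            peaks[key] = max(peaks.get(key, 0), len(q))
    return peaks

# Constructed sample. Failed guesses are assumed to return 200 with the
# "invalid" text in the body, so the status code cannot separate failures
# from successes; request volume per client and path is the usable signal.
FORM = "/kzMb5nVYJw/index.php"
SAMPLE_LOG = [
    '10.10.1.50 - - [12/Mar/2024:09:59:58 +0000] "GET /main.gif HTTP/1.1" 200 16647 "-" "-"',
] + [
    f'10.10.1.50 - - [12/Mar/2024:10:00:{i // 4:02d} +0000] '
    f'"POST {FORM} HTTP/1.0" 200 210 "-" "-"'
    for i in range(8)  # eight guesses within two seconds
] + [
    f'10.10.1.20 - - [12/Mar/2024:10:00:05 +0000] "POST {FORM} HTTP/1.1" 200 210 "-" "-"',
    f'10.10.1.20 - - [12/Mar/2024:10:00:40 +0000] "POST {FORM} HTTP/1.1" 200 210 "-" "-"',
]

if __name__ == "__main__":
    for (ip, path), n in find_form_bruteforce(SAMPLE_LOG).items():
        print(f"ALERT {ip} sent {n} POSTs to {path} within 10s")
```

The same counter can back a lockout or rate limit on the key form, which is the control that makes a wordlist run against it impractical.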
