digitalworld.local: DEVELOPMENT walkthrough
you can download it here: https://www.vulnhub.com/entry/digitalworldlocal-development,280/
use nmap to discover the target:
nmap -p 1-65535 -T4 -v 192.168.227.0/24
check its 80 port:
use dirb to scan for sensitive directories and files.
check its development directory
download the test.pcap and load it with wireshark.
google “slogin_lib.inc.php” for relevant vulnerability and found this: https://www.exploit-db.com/exploits/7444, and it turned out /slog_users.txt is available.
using google to crack the hash, and get three:
tried using these credential to login, and succeeded with intern’s
restricted in a shell with limited commands, easily escaped using following commands:
there was nothing more that intern can do.
tried the recent CVE-2019-7304 but failed
try to su as patrick and succeeded.
check sudo file
ok, sudo vim and !/bin/bash and get root.
tried CVE-2018-18955 and succeeded.