Fristileak is a very awesome machine to work and practice on. Once you download the Vm from Vulnhub you will have to see the MAC address to 08:00:27:A5:A6:76 for it to be able to run correctly.
Lets get Started!
I knew the IP address of the machine as they give it to you when you start the VM. But for fun and out of habit i run
Next I run a Nmap scan to see what open ports and services are available.
Once completed it returns with Port 80.
Also in the output are the robots.txt outputs
First before testing i visit the webpage
Next I test the first robot txt output
I visited the others and received negative outputs.
so i tried
BOOM! A login and password page
For good practicei check the source code of the webpage
I see that the image is encoded with Base64.
When inspected the photo i see a differentcode then above.
I then Take the Base64 code and decrypt it to get the password of the login.
Once Im logged in, i greeted with uploads page.
I made a php upload and tried uploadedit and got a error due to the fact that the only a png,jpg,gif file can only be use.
So what i fired up BurpSuite to bypass and change the filename by adding a png extension
Once changed i Forward the change and get a successful upload
I then visit the upload page to get execute my webshell!
In /var/ folder we can see a /fristigod/ folder by fristigod user, interesting.
Once in the /fristigod dir ithen see the notes.file
In the /home dir i see users
I check to see whats in the eezeepz dir only to find another notes.txt file
Next i tried to get to the Admin dir. i get a permission denied
I first of all try issuing a chmod, by echoing chmod 777 /home/admin to /tmp/runthis.
Once the run and able to get into the Admin dir
Once the Base64 is decode i am giving the words
This will be the password to login