This is my writeup for the Mr. Robot VM.
Step 1 – Find out Mr. Robot's IP
Since all devices are on my home Wi-Fi network, I run a quick netdiscover scan. The machine is at 192.168.1.25.
Step 2 – Enumerate the IP to find out open ports, service version, OS etc.
This provides the following attack surface:
- Port 80 – Apache httpd
- Port 443 – Apache httpd
- OS – Linux
Step 3 – Enumerating web ports
WordPress installation found
The login page's error message reveals whether the username or the password is incorrect. Trying out a few usernames, the username elliot is identified.
Created a unique list of words from the fsocity.dic file and used it for a brute-force attack.
The password was found in a few minutes.
Modified an existing plugin, added PHP reverse shell code and obtained a shell.
User robot is present and has the 2nd key file in his home directory.
Decrypted the MD5 hash, ran su as user robot and accessed the key file.
The Nmap binary has been granted setuid permissions and is owned by the root user. Also, the installed version has the interactive option present. Exploited this and obtained root!
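From the defender's side, the password guessing in Step 3 leaves a clear trail in the web server's access log. The following is an added example, not part of the original writeup: it flags source IPs with a burst of failed WordPress logins and notes whether a successful login followed. It assumes Apache common/combined log format and stock WordPress behaviour (a failed POST to /wp-login.php returns 200, a successful one redirects with 302); the function names, thresholds and sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Apache common/combined prefix: ip, timestamp, method, path, status
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3}) ')
TS = "%d/%b/%Y:%H:%M:%S %z"

def parse(line):
    """Return (ip, time, method, path, status), or None if the line does not parse."""
    m = LINE.match(line)
    if not m:
        return None
    ip, ts, method, path, status = m.groups()
    return ip, datetime.strptime(ts, TS), method, path.split("?")[0], int(status)

def detect_bruteforce(lines, threshold=5, window=timedelta(minutes=1)):
    """Return {ip: {"failures": n, "success_after": bool}} for bursting IPs.

    Assumption: failed login -> 200 (form re-rendered), success -> 302."""
    attempts = defaultdict(list)
    for line in lines:
        rec = parse(line)
        if rec and rec[2] == "POST" and rec[3] == "/wp-login.php":
            attempts[rec[0]].append((rec[1], rec[4]))
    findings = {}
    for ip, events in attempts.items():
        events.sort()
        fails = [t for t, status in events if status == 200]
        # Sliding window: `threshold` failures that all fall inside `window`.
        burst = any(fails[i + threshold - 1] - fails[i] <= window
                    for i in range(len(fails) - threshold + 1))
        if burst:
            # A 302 preceded by at least `threshold` failures suggests a guessed password.
            hit = any(status == 302 and sum(f < t for f in fails) >= threshold
                      for t, status in events)
            findings[ip] = {"failures": len(fails), "success_after": hit}
    return findings

def sample_log():
    """Constructed sample: 192.0.2.10 fails 8 times in 16 s, then logs in;
    192.0.2.20 mistypes once and then logs in normally."""
    base = datetime(2024, 1, 1, 12, 0, 0, tzinfo=timezone.utc)
    rows = [("192.0.2.10", i * 2, 200) for i in range(8)]
    rows += [("192.0.2.10", 16, 302), ("192.0.2.20", 5, 200), ("192.0.2.20", 40, 302)]
    fmt = '{} - - [{}] "POST /wp-login.php HTTP/1.1" {} 4000'
    return [fmt.format(ip, (base + timedelta(seconds=s)).strftime(TS), st)
            for ip, s, st in rows]

if __name__ == "__main__":
    print(detect_bruteforce(sample_log()))
```

A finding with `success_after` set is a reason to rotate that account's password and to check plugin files for unexpected modification, since an authenticated admin can edit them.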