Mr Robot

This is my writeup for the Mr. Robot VM.

Step 1 – Find out Mr. Robot IP

Since all devices are on my home Wifi network, I run a quick netdiscover scan. The machine is at

Step 2 – Enumerate the IP to find out open ports, service version, OS etc..

This provides the following attack surface:

  • Port 80 – Apache httpd
  • Port 443 – Apache httpd
  • OS – Linux

Step 3 – Enumerating web ports

WordPress installation found

The login page in its error message reveals if the username or password is incorrect. Trying out few usernames, username elliot is identified

Created a unique list of words from the fsocity.dic file and used it for a bruteforce attack

The password was found in few minutes

Modified an existing plugin, added php reverse shell code and obtained a shell

User robot is present and has 2nd key file in his home directory

Decrypting the MD5 hash and su as user robot and accessed key file

Nmap binary has been granted setuid permissions and is owned by root user. Also the version installed has interactive option present. Exploiting this and obtaining root !!!




Leave a Reply

Your email address will not be published. Required fields are marked *