Scribd Logo
Upload

Welcome to Scribd!

  • Vulnhub - Droopy: v0.2: Penetration Test Report

    Uploaded by

    Anonymous Ol7p04
    68 views6 pages
    This penetration test report summarizes the vulnerability assessment of the Droopy v0.2 virtual machine. The assessment found the machine was running Drupal 7 with a known exploit in Metasploit. This provided a meterpreter shell as the www-data user. Further enumeration revealed the system was Ubuntu 14.04.1 LTS, and a local privilege escalation exploit was used to gain root access.

    Original Description:

    d

    Original Title

    Droopyv0.2

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    This penetration test report summarizes the vulnerability assessment of the Droopy v0.2 virtual machine. The assessment found the machine was running Drupal 7 with a known exploit in Metasploit. This provided a meterpreter shell as the www-data user. Further enumeration revealed the system was Ubuntu 14.04.1 LTS, and a local privilege escalation exploit was used to gain root access.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    68 views6 pages

    Vulnhub - Droopy: v0.2: Penetration Test Report

    Uploaded by

    Anonymous Ol7p04
    This penetration test report summarizes the vulnerability assessment of the Droopy v0.2 virtual machine. The assessment found the machine was running Drupal 7 with a known exploit in Metasploit. This provided a meterpreter shell as the www-data user. Further enumeration revealed the system was Ubuntu 14.04.1 LTS, and a local privilege escalation exploit was used to gain root access.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 6

    Vulnhub - Droopy: v0.

    2
    Penetration Test Report
    25/3/2018 -N4ckHcker
    Executive Summary
    Summary of Results

    Initial enumeration of the box, gave us that the box ran


    Drupal7. At the exploitation part I found one exploit at
    metasploit that worked and I took meterpreter shell.
    At the final step (Privilege Escalation) i found a local root
    exploit based on ubuntu 14.04, and I took root.
    Attack Narrative
    Remote System Discovery

    I used linux arp-scan to find the target IP Address.

    Running service(s) is only one, port 80 and run http.


    Now at the exploitation part, I fired up metasploit
    because I knew it had an exploit that works for our
    target.
    Exploitation

    And I took a meterpreter shell, then I spawned a shell.

    Also I spawned a TTY Shell & I’m as www-data.


    Privilege Escalation
    After some enumeration I find out that Ubuntu version
    is : Ubuntu 14.04.1 LTS.

    This exploit worked and I took root.


    https://www.exploit-db.com/exploits/37292/

    I have root.

    You might also like