PRIMER is a vulnerable VM which you can find on VulnHub.Anyways,let’s get started.
First off I ran a netdiscover scan.Since I’m using VirtualBox I know the MAC Vendor,so the IP is 192.168.1.6.
I ran nmap to scan for open ports and got 3 open ports,but only 2 of them were of some value.I decided to lay off SSH for now and focus on port 80 instead.
This is the webpage.I noticed the login form and tried to bypass the login via SQLi but I’ve failed.
Since I didn’t manage to bypass login I peeked at the robots.txt and found a interesting discovery.
I pasted the directory in the URL bar and got this page.
Which lead me to this one…
The next ‘node’ was a little bit different.It was just a prompt.First thing I did was view the source and there I found the next location.
Every directory name is crafted in a special way…A number and a MD5 hash.
4_MD5(7),5_MD5(11),6_MD5(13) and 7_MD5(17)
Using this simple algorithm I figured out the next URL,
And I was correct.
Click on the [EOF] link lead me to a page that seemed like a terminal.I ran the help command to see what commands I can use.
When I ran whoami the text went corrupt and red,but I could make out ‘nieve’ from it.
I refreshed the page and took a look at the running processes.
I assumed nieve,falken,root and c0re were all SSH users so I fired up hydra and found out the password for nieve.
I SSH’d to the box and took a look around.
I navigated to the directories I haven’t been to and finally finished at the URL, http://192.168.1.6/10_23693cff748o49r45d77b6c7d1b9afcd ,which was the end screen signalizing my victory.Hooray!
I gotta admit this VM was very fun and I hope you enjoyed reading my walkthrough.Thanks to VulnHub and the creator of this VM,couchsofa or Arne Rick.