This article provides a detailed walkthrough of exploiting a vulnerable machine named VulnNet: Internal. The process includes initial reconnaissance, service enumeration, and privilege escalation to achieve root access. Key techniques utilized include Nmap scans, SMB and NFS enumeration, Redis exploitation, and TeamCity manipulation.
Affected: VulnNet: Internal
Keypoints:
- Initial reconnaissance was performed using Nmap to identify open ports and services.
- SMB shares were enumerated to find accessible folders and files.
- NFS shares were explored to discover configuration files containing sensitive information.
- The Redis service was accessed using a master password to retrieve keys and flags.
- The Rsync service was exploited to download files and gain further access.
- An SSH key was generated and uploaded to gain shell access on the target machine.
- Privilege escalation was achieved through TeamCity by exploiting a super user token.
- Final root access was confirmed, leading to the discovery of the last flag.
MITRE Techniques:
- Reconnaissance (T1595) – Conducted Nmap scans to identify open ports and services.
- Credential Dumping (T1003) – Retrieved sensitive information from Redis configuration files.
- Exploitation of Remote Services (T1210) – Exploited the Rsync service to download files.
- Privilege Escalation (T1068) – Exploited TeamCity to escalate privileges to root.
Indicators of Compromise:
- [file name] services.txt
- [file name] redis.conf
- [file name] user.txt
- [file name] root.txt
- [other IoC] TeamCity super user token
- Check the article for all found IoCs.
Full Research: https://medium.com/@mickaelbenlolo/medium-story-vulnnet-internal-from-recon-to-root-f3bfe4c605fc?source=rss——cybersecurity-5