Shenron: 1 Vulnhub Writeup

Difficulty: Easy/Medium


Default port 22 and 80 let’s enumerate with gobuster you will find /test/password and we got the user and password for the website, enumerate more with gobuster and you will find /joomla/administrator

Insert the credentials

Navigate on “templates”

And type on “Protonstar”

Go in index.php

And now we can upload our reverse shell. In you terminal type: locate php-reverse-shell.php and copy it in you folder

Now put in, and instert your ip and your port and listen with netcat! Click on save.

Now click on Template review and we are in!!!

Now enumerate more in www-data! Navigate in /var/www/html/joomla and there is a file called “configuration.php” , this file contain Mysql credential, but if you try to enter in Mysql there is a Rabbit hole!

This are the simple credential for user jenny, so enter in jenny!


Now we are in jenny and we notice that sudo -l , shenron have privilege

Now create our RSA key

Copy out key and put in /tmp of jenny’s shell.

Now we can cp our RSA in shenron .ssh folder, let’s try!

Nice , now we can login with shenron, so in our shell type:

Now type: find / -type -iname “password.txt” 2>/dev/null and you will find the password for shenron and type sudo -l , you will find /usr/bin/apt


And! we are ROOT!

I hope this is usefull!




Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store