DerpNStink: 1 ~ VulnHub - Walkthrough

Revision as of 22:17, 2 May 2018 by Dmina (talk | contribs) (Created page with "Category:Pentesting == Objective == Explore multiple remote vulnerabilities and multiple privilege escalation vectors to gain access to and gain root privileges on the tar...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

Objective

Explore multiple remote vulnerabilities and multiple privilege escalation vectors to gain access to and gain root privileges on the target host.

Source: [VulnHub.com]

Status: [Work in progress]

Methodology

Discovery


Recommendations

Appendix A: Vulnerability Detail and Mitigation

Unpatched Software Components
Rating High
Description xxxxxx
Impact xxxxx
Remediation xxxxx
Relaxed sudo Roles
Rating High
Description xxxxxx
Impact xxxxx
Remediation xxxxx
Default Weak Passwords
Rating High
Description xxxxxx
Impact xxxxx
Remediation xxxxx
Relaxed Filesystem Permissions
Rating High
Description Unix file permissions for /etc/shadow are incorrect.
Impact Allow any user with a shell to access this file and extract password hashes which can be further passed to a password cracking utility to extract user credentials.
Remediation Set unix file permissions for /etc/shadow to "600" and change ownership to root:root