Hemisphere Lynx Walkthrough
You can download it from here: https://www.vulnhub.com/entry/hemisphere-lynx,577/
Summary:
After running nmap to discover open ports, we find ports 80 and 22 open. We then run enum4linux, which reveals the johannes user and the password policy, use cewl to create a password list, and brute-force the SSH service. Once on the system, we run linPEAS and discover a .creds file that holds the root credentials.
Scanning:
First, let's run netdiscover to find the target's IP address.
Then run nmap to find open ports and running services.
Open ports: 21, 22, 80, 139, 445
Enumeration:
Let's run enum4linux to enumerate information from the target OS.
From enum4linux we discover the johannes user and the password policy, which will help us with the brute force.
Let's check the HTTP page:
We can build a password wordlist with cewl, and we know from the password policy that the minimum password length is 5.
Then let's run a brute-force attack against the SSH service.
Now that we have the credentials, let's log in.
We are now inside the system, and you can find the user flag.
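On the target's side, the brute force described above appears in the sshd log as a run of failed passwords for one account from one source, ending in an accepted one. A detection sketch for that pattern, added here and not part of the original walkthrough: it assumes OpenSSH's standard auth.log wording, and the host name, addresses, log lines and thresholds are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# OpenSSH password-auth results as written to auth.log / secure.
LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<src>\S+) port \d+"
)

def find_bruteforce_logins(lines, threshold=5, window=timedelta(minutes=10), year=2024):
    """Return (user, src, failures) for every accepted login that follows at
    least `threshold` failures for the same user and source within `window`."""
    failures = defaultdict(deque)  # (user, src) -> timestamps of recent failures
    alerts = []
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue
        # Syslog timestamps carry no year; supply one (assumed) for parsing.
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        recent = failures[(m["user"], m["src"])]
        while recent and ts - recent[0] > window:
            recent.popleft()  # forget failures older than the window
        if m["result"] == "Failed":
            recent.append(ts)
            continue
        if len(recent) >= threshold:
            alerts.append((m["user"], m["src"], len(recent)))
        recent.clear()  # a success resets the streak either way
    return alerts

# Constructed sample: six failures then a success for johannes, plus an
# ordinary mistyped-password login for a second (hypothetical) account.
SAMPLE = [
    f"Oct 12 10:00:{s:02d} lynx sshd[900]: Failed password for johannes "
    "from 192.0.2.10 port 40000 ssh2" for s in range(6)
] + [
    "Oct 12 10:00:07 lynx sshd[901]: Accepted password for johannes from 192.0.2.10 port 40001 ssh2",
    "Oct 12 10:05:00 lynx sshd[910]: Failed password for alice from 192.0.2.20 port 50000 ssh2",
    "Oct 12 10:05:09 lynx sshd[911]: Accepted password for alice from 192.0.2.20 port 50001 ssh2",
]

if __name__ == "__main__":
    for user, src, count in find_bruteforce_logins(SAMPLE):
        print(f"ALERT: {user} logged in from {src} after {count} failed passwords")
```

An alert of this kind means the password was guessed, so the account's credentials should be rotated rather than the source address merely blocked.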
Privilege Escalation:
Time for privilege escalation. I will use my favorite script, linPEAS.
you can find it here: https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/tree/master/linPEAS
Let's start a Python HTTP server to download your script.
After running the script, we find a .creds file.
After opening it, we see it's base64-encoded and reversed, so let's decode and reverse it.
Now we have the root credentials and can read the root flag.