Alright folks, lemme tell you about my little adventure with “big daddy v”. It’s not what you think, get your mind outta the gutter! I’m talkin’ about a specific vulnerability I was chasing down.

So, first things first, I stumble upon this target, right? Looked kinda juicy, like a ripe fruit ready to be plucked. I started with the basics – nmap scan. Gotta see what doors are open, what services are runnin’. You know the drill.
The scan popped back with a few interesting ports. HTTP, standard stuff, but then I saw something that made my eyebrows twitch – a weird custom service listenin’ on a non-standard port. That’s usually where the fun begins.
Next, I fired up netcat, just to poke around and see what this service was spewin’ out. I sent a few garbage characters, and BAM! Got a response. It was some kind of authentication prompt. Hmmm, interesting.
I tried the usual suspects – “admin:password”, “root:root”, you know, the classics. No dice. Time to get a little more creative. I decided to sniff the traffic. Maybe the authentication process was flawed, or maybe I could catch some credentials in plain text.
I used Wireshark to capture the packets going back and forth. And bingo! Turns out, the service was using a really old, crusty protocol with some seriously weak encryption. I’m talkin’ like, laughably weak.

I found the part where the credentials were being sent. After some digging and some Googling, I found out about the encryption algorithm. Broke that encryption in like 5 mins with Python, and got the username and password of the admin user.
Now that I had the credentials, I logged in, and the system gave me command-line access. I was so happy.
Now, I started enumerating the system. ‘whoami’, ‘id’, ‘uname -a’. Standard stuff. I quickly realized that the user I was logged in as had sudo permissions. BOOM! Game over.
I typed in ‘sudo su’ and entered the password which I cracked before, and I was root. I had the keys to the kingdom.
But, I am a white hat hacker, so I stopped what I was doing and created a report for the owner.
