Posts

Showing posts from July, 2017

Proteus Pwn4g3

Image
Hi Everyone,

Over this blogpost, I shall write about how I cracked a recently hosted challenge on vulnhub named "Proteus".

Looking at the machine description over Vulnhub:



The machine simulates an environment where you can upload executable files and performs malware analysis over it.

I download the OVA and setup my kali and vulnerable machine on the same network.

First and foremost, network discovery:



So the IP I shall be targeting is 192.168.137.250

I ran nmap and two services stand out:
1. ssh ==> port 22
2. http ==> port 80



I tried checking over ssh but it seems only key based login is allowed.

I shifted my focus over to port:80



Immediately striking are two things:

1. File upload feature
2. Login functionality

It seemed that the file upload is based on mime type and only executable file or sharedlib types are supported for uploads.

First I tried uploading a normal file and as an output we get binary analysis of the file.
Checking the output I see that all the ascii strings inside t…