Vulnhub: Raven 1 Writeup (OSCP PREP) [by dollarboysushil]

By dollarboysushil
Published in InfoSec Write-ups
3 min read, Dec 10, 2023

Link to Raven 1: https://www.vulnhub.com/entry/raven-1,256/

Raven is a Beginner/Intermediate boot2root machine. There are four flags to find and two intended ways of getting root. Built with VMware and tested on Virtual Box. Set up to use NAT networking.

Note: I will be focusing on getting root on the machine; I will not be focusing on getting the flags.
Disclaimer: Personally, I didn’t like this machine.

Nmap Scan

port 22 ssh
port 80 http
port 111 rpcbind

Nikto scan result.

Running gobuster reveals the hidden /wordpress directory.

Since we have WordPress running, let's use wpscan.

It didn’t give much info.

Then I tried enumerating the users by adding the --enumerate u option,

which reveals two users, michael and steven.

Then I saved these usernames into username.txt.

After running hydra to brute-force, the password is revealed.

And we have a shell as user michael.

While digging around, I came across flag 2.

Visiting /var/www/html/wordpress, we can see wp-config, which can have juicy info.

And jackpot, we have MySQL database credentials.

And we have a username and hashed password.

Then I used hash-identifier to identify the hash type.

Running john gives us the password pink84.

Switch user to steven.

Privilege Escalation

Running sudo -l shows that user steven can run /usr/bin/python as raven.

Looking at https://gtfobins.github.io/, we can run the command sudo python -c 'import os; os.system("/bin/sh")' to get root access.

And we got root access.
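
The sudo rule used above is something a defender can catch during a configuration review. The following is an added example, not part of the original writeup: a small Python audit that flags sudoers grants for interpreters and other shell-capable programs. The sample rules are constructed, and the program list and the function name audit_sudoers are assumptions made for illustration.

```python
import os
import re

# Programs that give a shell or arbitrary code execution when run through sudo.
# A small subset picked for this example; GTFOBins documents many more.
ESCAPE_CAPABLE = {"python", "perl", "ruby", "php", "lua", "bash", "sh", "dash",
                  "vi", "vim", "less", "more", "find", "awk", "env", "nmap"}

# One entry of a command list: optional (runas), optional TAG: prefixes, command.
CMD = re.compile(r"^(?:\((?P<runas>[^)]*)\)\s*)?(?P<tags>(?:[A-Z_]+:\s*)*)(?P<cmd>.*)$")

# Constructed sample rules (assumed for illustration, not copied from the Raven VM).
SAMPLE = """\
Defaults env_reset
steven  ALL=(ALL) NOPASSWD: /usr/bin/python
backup  ALL=(root) /usr/bin/rsync, NOPASSWD: /usr/bin/find
deploy  ALL=(www-data) /usr/bin/systemctl restart nginx
%admin  ALL=(ALL:ALL) ALL
"""

def audit_sudoers(text):
    """Return (user, runas, command, nopasswd) for every risky sudoers grant."""
    findings = []
    for line in text.replace("\\\n", " ").splitlines():  # join continued lines
        line = line.strip()
        spec, sep, cmds = line.partition("=")
        # Skip blanks, comments, includes, Defaults and alias definitions.
        if (not sep or len(spec.split()) != 2
                or line.startswith(("#", "@", "Defaults")) or "_Alias" in spec):
            continue
        user = spec.split()[0]
        runas, nopasswd = "root", False  # sudo runs commands as root by default
        # Split on commas that are not inside a (runas) list.
        for part in re.split(r",\s*(?![^()]*\))", cmds):
            m = CMD.match(part.strip())
            runas = m["runas"] or runas  # runas and tags carry over to later commands
            if "PASSWD:" in m["tags"]:   # matches both PASSWD: and NOPASSWD:
                nopasswd = "NOPASSWD:" in m["tags"]
            cmd = m["cmd"].strip()
            # Compare the program name without version suffix (python2.7 -> python).
            prog = re.sub(r"[\d.]+$", "", os.path.basename(cmd.split()[0])) if cmd else ""
            if user != "root" and (cmd == "ALL" or prog in ESCAPE_CAPABLE):
                findings.append((user, runas, cmd, nopasswd))
    return findings

if __name__ == "__main__":
    for finding in audit_sudoers(SAMPLE):
        print(finding)
```

The parser does not expand aliases or follow include directives, so a full review should read each file under /etc/sudoers.d as well.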

For any correction, query or suggestion, contact me on:
Instagram dollarboysushil
Twitter (X) dollarboysushil
Youtube dollarboysushil
