In this article we are going to solve vulnhub machine “Monitoring:1” which can be downloaded from here.
After running the vulnerable machine, first we need to discover it’s address. For this I will be using arp-scan tool.
Highlighted one is the required IP. Now lets scan the services running on this vulnerable machine using nmap.
Now using this we can go in depth and probe these services for more details. Lets perform nmap aggressive scan on these services.
As we can see there is one service running on port 80 with title Nagios XI. On visiting this web page we get to know that it is a simple web page with a simple button of “Access Nagios XI”. Checking source code gives nothing.
On clicking this blue button we are introduced with a login page.
On trying some common usernames and passwords like admin-admin, admin-password, root-root gives no access. But default nagios username(google to find default username) and entering password as “admin” gives us access. Now we have username and password for nagios XI.
Lets move to metasploit framework for exploitation.
As we can see the first exploit with excellent rank could give RCE. We need to try this exploit.
wooohhoooo!!!!!! We can see our awesome word “meterpreter” here that means we gained access and our exploit worked successfully. Now lets get access to bash shell by running a simple line of python on shell(for other language check this).
As we can see we gained access as root user that means we can access /root directory. May be we could find our flag in /root, lets move and check /root directory.
And here we found our flag 😉😉😉😉😉😉
This machine comes in very easy category but it is good for beginners like me because it gives you a wonderful learning that always go for low hanging fruits first. In spite of having tempting services like ssh,ldap we able to find our path through simple http web page.