Funbox-5: Next Level Walkthrough (Vulnhub)

Description from Vulnhub

Let's separate the script-kids from script-teenies. Hint: The first impression is not always the right one!. Another nice VM from @0815R2d2 which teaches some new knowledge.

Knowledge Gained:-

1. Enumeration
2. Wpscan
3. Password Brute Force attack
4. Knowing service dd
5. Privilege Escalation

Port Scanning

After identifying the intended victim let’s run a Nmap scan to find the open ports and services running.

Web Reconnaissance

Visiting the home page of the victim on port 80 shows the same default page of Ubuntu and has nothing useful. So, I tried gobuster for enumerating the hidden directories and find an interesting one.

I tried opening the URI /drupal but not succeeded. Then I tried gobuster again on the URI /drupal/ and yes, got…