Exploit PWNOS in VirtualBox and Privilege Escalation

oke,, i will report my practice to exploit PwnOs in virtual box on BlackBox.
first we must get information step by step..

1. Information Gathering and Service Enumeration
2. Vulnerbality Assesmant
3. Exploitation 
4. Privilege Escalation

• Information Gathering and SE 

Target : 192.168.56.101
Probe using nmap






we can get IP after runing PWNOS in VirtualBox, see this screenshot

oke,, next we probe an another information like port open and os version

 

probe using zenmap

we get information 5 port open is  webmin Miniserv 0.01, ftp samba 3.x, webservice apache 2.2.4 and ssh.

• Vulnerbalyti Assesmant

target : 192.168.56.101
probe using Exploit-database and nessus

ahay... we get many information from lebrary exploit-database and information level vulnerabelity from nessus..
oke.. lets to try exploit using metasploit console.. try webmin

yup,, we try use auxillary/admin/webmin/file_disclousure and show options

 we must set RHOST.. 192.168.56.101

oke,, tay to exploit..

yes.. it sucsesfully
we get many user .. but its not first experimen... try and try if you field..he hehe

oke.. let do Privilege Escalation.
probe using  john the ripper..
before escalation, we must get User and Password.. how to get it ??
set PATH from etc/password to etc/shadow

look at, we get information user and password..
copy from rott until last...create file.txt

next.. try escalation using jhon
before use john.. add wordlists.. couse in BlackBox  notyet.. we must added

he he.. password cracking proses complite.. but ohh noo.. password not cracked couse wordlists nothing macth..

conclusion: password not cracked couse nothing wordlist macth