This walkthrough details the exploitation process on the Shenron2 vulnerable machine on Vulnhub, focusing on WordPress vulnerabilities and SSH brute-forcing.
Starting with network discovery using Netdiscover and Nmap to scan the IP range and identify active hosts, services, and open ports, it proceeds to enumeration using Gobuster to identify accessible directories and files.
A vulnerability scan using WPScan identified WordPress plugin vulnerabilities, specifically a Local File Inclusion (LFI) issue in the “site-editor” plugin, leading to accessing the /etc/passwd file for user enumeration.
SSH brute-force using Hydra revealed credentials for the jenny user, enabling further access.
A SUID binary was exploited to gain initial access and escalate privileges to the shenron user, followed by a Base32-encoded string decryption to retrieve shenron user credentials.
With shenron user privileges, full sudo rights were attained, allowing root access and retrieval of the root flag.