holynix v1

A few days ago I came across holynix. This is a distribution prepared for hacking based on someone Ubuntu with apache installed + mind + php and some page. The goal is to exploit the launched applications and services to reach the root rights. Now I will not describe how services and applications break but how to solve the problem with a non-bootable network. I used virtualbox to run holynix v1. I put my image and vision for a new device on my network – I decided to do it like people don't know what the IP to exploit is, but I did not find one. I restarted and removed the silent start and saw, that during network startup roars, that there is not /var / run /network/ifstate. Решението е елементарно трябва при стартиране на мрежата да се провери дали съществуват съответната директория и ако не да се зaдаде и същото за файлът. Това е тривиална операция в /etc/init.d/networking the following are added at the beginning of the start function 2 order

[ -d /var/run/network ] || mkdir /var/run/network
[ -f /var/run/network/ifstate ] || touch /var/run/network/ifstate

This is a clear solution, however, we do not have a password for the root user 😀 Now follows the fun part and our first hack 😉 To get the root user in the grub menu we need to do some magic. We have to press esc the menu will be displayed shortly before the system starts. Then with E we enter the menu editing mode in the kernel part we finally add init=/bin/bash and we change ro on rw so that the file system has write permissions during installation after taking the root shell.

Then we fix the file for network interfaces. We need to change /etc/network/interfaces to raise eht1 and take dhcp network settings. Because by default it looks for eth0 and we have a new device that will be initialized with eth1. You restart and should now have a new device on your network.

ps A little hint to break the login part in the password field has sql injection 😉 Have a nice laugh

ps 2 I have used it VirtualBox for visualization in bridge mode for the network.

Enhanced by Zemanta

Leave a Reply

Your email address will not be published. Required fields are marked *

Anti SPAM *