SickOS 1.2 is the second Boot2Root Challenge in SickOS Series and is available at Vulnhub . This is an interesting CTF and requires think-out-of-the-box mentality. This VM is intended for “Intermediates” and should take a couple of hours to get root. In this walkthrough, I’ll be using Parrot Security OS but you can use Kali or any other distro. Turn on the Virtual Machine and use Netdiscover to determine the IP. Then register this IP to your local DNS file “/etc/hosts”. sudo netdiscover -r [IP/subnet] sudo nano /etc/hosts Run a full port Nmap scan. There is an HTTP Server running. There’s no “robots.txt” file so we need to run a dirb scan. dirb http://sick.local/ There’s an empty directory called “/test/”. When we test the Server, we see that PUT and DELETE commands are enabled. Now, try to put something to the Server. Fire up Burp Suite and in Repeater, set up the host as “sick.local” and port 80 and write PUT /test/hello HTTP/1.1 Host:
Red Securium Company Provide Web Services | Web Development | Software Development | Digital Marketing Service | Video Marketing Service | Video Logo Service & SEO Service. www.redsecurium.org Contact Us - +91 120 429 1672