HarryPotter: Aragog



Aragog is the 1st VM of the 3-box HarryPotter VM series, in which you need to find 2 horcruxes hidden inside the machine (a total of 8 horcruxes are hidden across the 3 VMs of the HarryPotter series) and ultimately defeat Voldemort.

This is part 1 out of 3 VMs submitted on Vulnhub, so let's get started with it:


First of all, let's check out the IP of the machine so that I can move ahead with the service enumeration.

Service Scan:

Now let's get the services running on the VM to proceed further.

Here I got only two services running on it, but looking for service exploits for the respective versions got me nothing; maybe that's bad luck of mine.

Calling the IP on the web got nothing but a single image.

I had nothing, but the tool “dirb” may help further.

Here WordPress is running on the machine in another directory named “blog”, so I switched to the web without wasting any time.

I fired the wpscan tool on this to get more details.

And the vulnerable plugin is with me; I checked the exploit and got it.

I uploaded my PHP reverse shell file.

As the path of the file is already displayed here after it gets uploaded, I fired up a listener to get the shell.

And here I got it. On further enumerating, I got the first flag of this series, which is base64 encrypted.

Further checking the /home directory, I got two users named “ginny” and “hagrid98”, so I used them to check the user name of WordPress and got that “hagrid98” is a WordPress user. So to get the password I brute forced it.

hagrid98 : password123

I switched to the user hagrid98 and enumerated further but got nothing, so I switched to the cron jobs running on it.

Used a tool named “pspy” to monitor the events running and found that a file named “.backup.sh” in the “opt” directory is running as root approximately every 2 minutes.

Without wasting much time I used the .backup.sh file to get the root shell and put a listener on to get the shell.

Here I got the root privileges of the machine.
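A defender-side check for the weakness behind this last step, added here as an example and not part of the original walkthrough: it audits a script that a root job executes and reports when the file or its directory can be changed by a non-root account. The function name `audit_root_script` and the default path `/opt/.backup.sh` (built from the file and directory named above) are assumptions.

```python
import os
import stat
import sys


def audit_root_script(path, trusted_uids=(0,)):
    """Return findings for a script that a privileged scheduled job executes.

    Checks the script and its immediate parent directory; a full audit
    would repeat the directory check for every ancestor up to "/".
    """
    findings = []
    real = os.path.realpath(path)  # follow symlinks to the file actually run
    targets = [("script", real), ("directory", os.path.dirname(real))]
    for kind, target in targets:
        try:
            st = os.stat(target)
        except FileNotFoundError:
            findings.append(f"{kind} {target}: does not exist")
            continue
        mode = st.st_mode
        # The owner can always rewrite or re-chmod the file.
        if st.st_uid not in trusted_uids:
            findings.append(f"{kind} {target}: owned by uid {st.st_uid}")
        # In a sticky directory, other users cannot replace files they do not own.
        protected = kind == "directory" and bool(mode & stat.S_ISVTX)
        if mode & stat.S_IWGRP and not protected:
            findings.append(f"{kind} {target}: group-writable")
        if mode & stat.S_IWOTH and not protected:
            findings.append(f"{kind} {target}: world-writable")
    return findings


if __name__ == "__main__":
    # Default path is an assumption based on the walkthrough's description.
    paths = sys.argv[1:] or ["/opt/.backup.sh"]
    bad = False
    for p in paths:
        for finding in audit_root_script(p):
            bad = True
            print("FINDING:", finding)
    sys.exit(1 if bad else 0)
```

An empty result means only root can change what the job runs; any finding is a path from a low-privileged account to root.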

Enjoyed and learned much with this VM, thanks to the author of the VM.

Hope you like it. For any query, DM me.