{"id":3047,"date":"2025-07-10T10:16:40","date_gmt":"2025-07-10T10:16:40","guid":{"rendered":"https:\/\/myvlcsys.com\/?p=3047"},"modified":"2025-07-10T10:16:40","modified_gmt":"2025-07-10T10:16:40","slug":"ciber-dockerlabs-firsthacking-writeup","status":"publish","type":"post","link":"https:\/\/myvlcsys.com\/?p=3047","title":{"rendered":"Ciber: DockerLabs [FirstHacking-WriteUp]"},"content":{"rendered":"\n<p>In this write-up we solve the DockerLabs machine\u00a0<strong>FirstHacking<\/strong>, classified at the \u201cVery Easy\u201d level.<\/p>\n\n\n\n<p><strong>Techniques used to solve the machine:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Port Scanning<\/li><li>Metasploit<\/li><\/ul>\n\n\n\n<p><strong>We download the Docker machine from the DockerLabs URL:<\/strong><\/p>\n\n\n\n<p class=\"has-white-color has-black-background-color has-text-color has-background\">megadl\u00a0https:\/\/mega.nz\/file\/oCd2VC5D#QfiRoFmZrZ-FjTuyRX9bLw7638fjluwp6jNth7JjXTw<\/p>\n\n\n\n<p><strong>Exploration phase:<\/strong><\/p>\n\n\n\n<p>We deploy the vulnerable machine with the following command, run from the folder where we downloaded and extracted the .zip:<\/p>\n\n\n\n<p class=\"has-white-color has-black-background-color has-text-color has-background\">sudo bash auto_deploy.sh firsthacking.tar<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/lh7-rt.googleusercontent.com\/docsz\/AD_4nXfMtT9zvkpXfMC4DsEX5mer7qsiY3Iryoin3VZZV7J8GOzZP8tR1cKbecHTZqHiEsoDsiFypqQqOOLmsVSOkGO7tgoSoh5xZFssb-mTyPTOIPeX2lf-8L6-MoVqG4-qF8eNWUX8Cg?key=Eu40ktDUeUx580XaCZ0HQA\" alt=\"\"\/><\/figure>\n\n\n\n<p>We check that we have connectivity to the machine by pinging the target IP.<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" 
src=\"https:\/\/lh7-rt.googleusercontent.com\/docsz\/AD_4nXdNXG5eq_W2p9xrIYqK5VUoXG16wdY1LUspzqmx8K5LTekdT5dJKi6lRBY6xl79sdikcffgFVBIoCp6-8Gin-qcYrTzfSZ3wuN6DeekVTXxUDUoqTNYgDZGBMW02eVJyogCvf3i7A?key=Eu40ktDUeUx580XaCZ0HQA\" alt=\"\"\/><\/figure>\n\n\n\n<p><strong>We scan the open ports to look for possible vulnerabilities.<\/strong><\/p>\n\n\n\n<p class=\"has-white-color has-black-background-color has-text-color has-background\">nmap -sV -A -Pn 172.17.0.2<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/lh7-rt.googleusercontent.com\/docsz\/AD_4nXesG_LC3WwKTxrAjM6gPS4yfuehjv7ViHwGzDyZM2u-_bvDSZ7RY89Od4hqwkkikDpXE2YAhuEN4XaAWL_qSQywRT2ZpErDXT7qUM4JGPC-GBb9TDntJXukrGRV6yxgYoBW_zxpUA?key=Eu40ktDUeUx580XaCZ0HQA\" alt=\"\"\/><\/figure>\n\n\n\n<p>We find that only port 21 is open, running the FTP service. The service is provided by vsftpd version 2.3.4.<\/p>\n\n\n\n<p><strong>Exploitation phase:<\/strong><\/p>\n\n\n\n<p>To exploit this vulnerability we will use the ethical hacking tool Metasploit Framework. 
To start it we use the msfconsole command (<em>-q<\/em> if we do not want the program banner shown in the terminal).<\/p>\n\n\n\n<p>We run msfconsole in the terminal to enter Metasploit and look for an exploit (with the search command) for the vsftpd vulnerability:<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/lh7-rt.googleusercontent.com\/docsz\/AD_4nXcaH7q_vqVQnpcfb3C_YypOyCzI7VD2tJkpiWdCiaqWMdKrbdzLmY_dxyJbtIb-aWRD2fVuSCfKgMhVQ-MU8M4bpEj9Z-CXIvro4abTLgJ8NsCuuWHdksnaTxBdD_VQlAAMAqPdbA?key=Eu40ktDUeUx580XaCZ0HQA\" alt=\"\"\/><\/figure>\n\n\n\n<p>From the exploits it finds we will use exploit 1, which is listed as excellent, and run the following commands:<\/p>\n\n\n\n<p class=\"has-white-color has-black-background-color has-text-color has-background\">search vsftp\u00a0\u00a0<br>use 1<br>show options<br>set RHOSTS $ipvictima<br>run<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/lh7-rt.googleusercontent.com\/docsz\/AD_4nXdE7bgNldxXjqwQ3fWh1PAHQiS5EZEBCfZT4SKI05rLk99MCFuucdKJxodMKXB9NnFxa3hBnvsfHnPll9ukNXqYuZv-RJcy9V4iHAhuWfev1jmAObyjdo9FZq0ZF46MCFeOAvFK?key=Eu40ktDUeUx580XaCZ0HQA\" alt=\"\"\/><\/figure>\n\n\n\n<p>As we can see, we are now inside the target machine with \u201croot\u201d privileges. With that, the intrusion into the machine is complete.<\/p>\n\n\n\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>In this write-up we solve the DockerLabs machine\u00a0FirstHacking, classified at the \u201cVery Easy\u201d level. 
Techniques used to solve the machine: Scanning&hellip; <\/p>\n","protected":false},"author":4,"featured_media":2974,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_bbp_topic_count":0,"_bbp_reply_count":0,"_bbp_total_topic_count":0,"_bbp_total_reply_count":0,"_bbp_voice_count":0,"_bbp_anonymous_reply_count":0,"_bbp_topic_count_hidden":0,"_bbp_reply_count_hidden":0,"_bbp_forum_subforum_count":0,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"_uf_show_specific_survey":0,"_uf_disable_surveys":false,"footnotes":""},"categories":[60,74,10,42,73],"tags":[61,25,47,24],"class_list":["post-3047","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-ciberseguridad","category-dockerlabs","category-linux","category-lunes-de-comandos","category-writeups","tag-ciberseguridad","tag-linux","tag-myvlcsys","tag-terminal"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/myvlcsys.com\/index.php?rest_route=\/wp\/v2\/posts\/3047","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/myvlcsys.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/myvlcsys.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/myvlcsys.com\/index.php?rest_route=\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/myvlcsys.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=3047"}],"version-history":[{"count":2,"href":"https:\/\/myvlcsys.com\/index.php?rest_route=\/wp\/v2\/posts\/3047\/revisions"}],"predecessor-version":[{"id":3049,"href":"https:\/\/myvlcsys.com\/index.php?rest_route=\/wp\/v2\/posts\/3047\/revisions\/3049"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/myvlcsys.com\/index.php?rest_route=\/wp\/v2\/media\/2974"}],"wp:attachment":[{"href":"https:\/\/m
yvlcsys.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=3047"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/myvlcsys.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=3047"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/myvlcsys.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=3047"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}