PWNOS: 2.0 (PRE-RELEASE) Walkthrough

pWnOS v2.0 is a Virutal Machine Image which hosts a server to pratice penetration testing. It will test your ability to exploit the server and contains multiple entry points to reach the goal (root). It was design to be used with WMWare Workstation 7.0, but can also be used with most other virtual machine software.

For set-up:



  1. Get some usernames and bruteforce though SSH.
  2. Possible CMS with vulnerability.
  3. Website with SQLi or LFI or RCE.

More Enumeration…

📌 OS: Debian Ubuntu

  1. SSH

Possible User Enumeration.


  • Manual Testing (3-steps)

Seems like worth taking a deep look 🔑
  • Nikto Scan

  • Gobuster
It’s SPHPBlog 🤔
It is Simple PHP Blog 0.4.0–191340

Finding POI (Point Of Intrusion)

The blog version is Simple PHP Blog 0.4.0

Using Metasploit…

Got the reverse shell…..


Privilege Escalation

Use the following the find PHP — MySQL pwd:

  • find / -type f -exec grep -ln “sql.connect” {} \; 2>/dev/null
  • find / -type f -exec grep -l -n “DB_PASSWORD” {} \; 2>/dev/null


  1. Dan:c2c4b4e51d9e23c02c15702c136c3e950ba9a4af

After decrypting,


However, that did not work with SSH.

Let’s try root:

DEFINE (‘DB_USER’, ‘root’);



Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store

The world is full of obvious things which nobody by any chance ever observes.