VulnHub: DMV 1


  1. Scan network

2. Scan for open ports

3. Scan for open ports with high port number

4. Scan for service

5. Scan for vulnerability

6. Fuzzing directory

7. Try login to ssh

8. Access site


  1. Seems like it’s youtube downloader

2. Let’s try some video

Paste Video ID


3. Let’s try again with other video

Still error!!!

4. Intercept with Burp Suite

Send to Repeater

Send the request, there’s an error in result

5. Let’s google the result
I came across to this link:

Access project page, read the manual

6. Back to repeater, try some command

Read passwd file


Replace space with “${IFS}”

7. Reverse shell
Create listener

Try reverse shell command



Let’s try another way, I will upload reverse shell file to victim’s machine instead

Create python reverse shell and save it as “”

Create HTTP Server

Back to repeater

Privilege Escalation

  1. First flag

2. Get root access

Back to attacker’s machine, we already have listener on port 1234.

Wait for a moment

Now, I have root shell



Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store