In this article, we will learn to solve a Capture the Flag (CTF) challenge which was posted on VulnHub by “Abatchy.” This CTF is part of the BSides Vancouver series, as per the information given on the VulnHub website. According to the description given by the author of the challenge, this is an entry-level boot2root web-based challenge. The aim of this challenge is to gain root privilege through a web application hosted on the machine. You can use the following link to download the VM and launch it on VirtualBox:
A torrent download URL is also available for this VM; it is given in the reference section at the end of this article. For those who are new to CTF challenges and are not aware of this platform, VulnHub is a well-known website for security researchers which provides users with a method to learn and practice their hacking skills through a series of challenges in a safe and legal environment.
After downloading and running this machine on VirtualBox, we started by running the Netdiscover command to obtain the IP Address of the target machine. The command and its output can be seen in the screenshot given below:
Command Used: netdiscover
As shown in the above screenshot, we have obtained the Virtual Machine IP address, i.e., 192.168.11.3 (the Target Machine IP Address).
We will now be using 192.168.11.11 as the attacker IP address.
Please note: the target and attacker machine IP addresses may be different depending on the network configuration.
Now that we have the target machine IP, the first step is always to find out the ports and services that are available on the target machine. An Nmap full port scan is used for this purpose.
*** This is a Security Bloggers Network syndicated blog from InfoSec Resources authored by Nikhil Kumar. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/PcC6zfMtBQ0/