Vulnhub Machines Walkthrough Series — Mr. Robot

Continuing with our series on interesting Vulnhub machines, in this article we will see a walkthrough of the machine entitled Mr. Robot.

Note: For all of these machines, I have used VMware Workstation to provision the VMs. A Kali Linux VM will be my attacking box. Please remember that the techniques used are solely for educational purposes: I am not responsible if the listed techniques are used against any other targets.

Download

VM Details (from Vulnhub)

  • Based on the show “Mr. Robot.”
  • This VM has three keys hidden in different locations. Your goal is to find all three. Each key is progressively difficult to find.
  • The VM isn’t too difficult. There isn’t any advanced exploitation or reverse engineering. The level is considered beginner-intermediate.

Walkthrough

1. Download the Mr. Robot VM from the above link and provision it as a VM.

2. Let’s start with enumeration. First, we need to identify the IP of this machine; we will use netdiscover for that. Below we can see netdiscover in action. The IP of the victim machine is 192.168.213.136.

3. Now that we know the IP, let’s continue enumeration with nmap against the host. Below are the nmap results for the top 1000 ports.

4. Since we can see that port 80 is open, the first thing I always do before running tools such as nikto or gobuster is to check for well-known files such as robots.txt.

5. As we can see below, we have a hit for robots.txt.

We got one of the keys! (Remember, the goal is to find three keys.)

6. As we noticed from the robots.txt file, there is also a file called fsocity.dic, which looks to be a dictionary file. We download it, remove the duplicates (Read more...)
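The robots.txt check and the dictionary clean-up from steps 4 to 6, written up as two small shell functions. This is an added example, not code from the original walkthrough; it runs against constructed sample files (the robots.txt entries and the word list below are placeholders, not the VM's real contents) so it works offline.

```shell
#!/bin/sh
# Added example: reusable helpers for the robots.txt review and word-list
# de-duplication described in the walkthrough. All inputs are constructed.

# Print the paths a robots.txt asks crawlers to skip. A "Disallow" line only
# hides a path from polite crawlers, so anything listed there is exactly what
# a reviewer (or an attacker) will look at first; exposed keys or word lists
# belong behind access control, not in robots.txt.
robots_disallowed() {
    # $1 = path to a saved robots.txt
    tr -d '\r' < "$1" \
        | sed -n 's/^[Dd]isallow:[[:space:]]*//p' \
        | sed 's/[[:space:]]*$//' \
        | grep -v '^$'
}

# Remove duplicate lines from a word list while keeping first-seen order,
# then print the number of unique entries that remain.
dedupe_wordlist() {
    # $1 = input word list, $2 = output file
    awk '!seen[$0]++' "$1" > "$2"
    wc -l < "$2" | tr -d ' '
}

workdir=$(mktemp -d)

# Constructed robots.txt: fsocity.dic is the name from the walkthrough, the
# second entry is a placeholder standing in for the real key file.
cat > "$workdir/robots.txt" <<'EOF'
User-agent: *
Disallow: /fsocity.dic
Disallow: /placeholder-key-file.txt
EOF

# Constructed word list with repeated entries, as in the real dictionary.
printf 'alpha\nbeta\nalpha\ngamma\nbeta\nalpha\n' > "$workdir/sample.dic"

echo "Disallowed paths:"
robots_disallowed "$workdir/robots.txt"
echo "Unique words: $(dedupe_wordlist "$workdir/sample.dic" "$workdir/sample.uniq")"
```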

*** This is a Security Bloggers Network syndicated blog from InfoSec Resources authored by Security Ninja. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/eNEfM0uwiYM/