Temple of Doom 1: CTF Walkthrough Part 2

In this article, we’ll continue to solve the Temple of Doom CTF challenge, which was posted on the VulnHub website by 0katz.

This is part two of this CTF. In the previous article, we were able to get a limited-access shell on the target machine. As per the VM description by the author on the website, the aim of this CTF is to get root access on the target machine. In this article, we will learn to get root access on the target machine and read the flag file. If you have not read the previous part, it is advised to go through the previous installment first.

Please Note: For all of these machines, I have used Oracle VirtualBox to run the downloaded machine. I will be using Kali Linux as the attacker machine for solving this CTF. The techniques used are solely for educational purposes, and I am not responsible if the listed techniques are used against any other targets.

We will be using as the target machine IP address and as the attacker’s IP. Note that these IP addresses may be different on your network, as they are assigned by DHCP.

The Walkthrough

Let’s proceed from where the last part of this article left off. We already had shell access to the target machine, but not as root.

After spending some time exploring the target machine with the limited shell, I found that there is another user on the target system. This user is called “fireman.” I identified it by analyzing the “/etc/passwd” file. It can also be seen in the highlighted area in the following screenshot.

Command used: cat /etc/passwd

I tried to access this user’s home directory

*** This is a Security Bloggers Network syndicated blog from InfoSec Resources authored by Nikhil Kumar. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/iMMtfXmQlsE/