FourAndSix 2.1: CTF Walkthrough

In this article, we will solve a Capture the Flag (CTF) challenge that was posted on VulnHub by the author Fred. As you may be aware from my previous articles, VulnHub is a platform that provides vulnerable applications/machines for use to gain practical hands-on experience in the field of information security. You can check my previous articles for more CTF challenges. I have also provided a downloadable URL for this CTF below; you can download the machine and run it on VirtualBox.

The torrent downloadable URL is also available for this VM; it has been added in the reference section of this article.

AWS Builder Community Hub

For those who are not aware of the site, VulnHub is a well-known website which aims to provide security researchers with a way to learn and practice their hacking skills through a series of challenges in a safe and legal environment. You can download vulnerable machines from this website and try to exploit them. There are a lot of other challenging CTF exercises available on and I highly suggest attempting them, as it is a good way to sharpen your skills and learn new techniques.

Please Note: For these machines, I have used Oracle Virtual Box to run the downloaded machine. I am using Kali Linux as an attacker machine for solving this CTF. The techniques used are solely for educational purposes, and I am not responsible if the listed techniques are used against any other targets.


Step 1

The first step is to identify the target machine IP address; we can do this by running the netdiscover command. The output of the command can be seen in the following screenshot. [CLICK IMAGES TO ENLARGE]

Command : << netdiscover >>

So the target machine IP address is and my Kali (Read more...)

*** This is a Security Bloggers Network syndicated blog from InfoSec Resources authored by Nikhil Kumar. Read the original post at: