In this article, we will solve a Capture the Flag (CTF) challenge that was posted on VulnHub by berzerk0. As per the description given by the author, this is a beginner-level CTF but requires more than just an ExploitDB search or Metasploit to run. This makes this CTF especially interesting.
You can check my previous articles for more CTF challenges. I have also provided a downloadable URL for this CTF here; you can download the machine and run it on VirtualBox. The torrent downloadable URL is also available for this VM and has been added in the reference section of this article.
VulnHub is a well-known website for security researchers which aims to provide users with a way to learn and practice their hacking skills through a series of challenges in a safe and legal environment. You can download vulnerable machines from this website and try to exploit them. There are a lot of other challenging CTF exercises available on vulnhub.com and I highly suggest attempting them, as it is a good way to sharpen your skills and learn new techniques in a safe environment.
Please Note: For all of these machines, I have used Oracle Virtual Box to run the downloaded machine. I am using Kali Linux as an attacker machine for solving this CTF. The techniques used are solely for educational purposes, and I am not responsible if the listed techniques are used against any other targets.
Summary of the Steps
The summary of the steps involved in solving this CTF is given below.
- Identifying target host by using the Netdiscover utility
- Identifying open port by using the Nmap scan
- Enumerating HTTP service by using the Dirb utility
- Extracting information from the Internet about the target
- Cracking password hashes
- Launching dictionary attack with Hydra
- Accessing POP3 (Read more...)
*** This is a Security Bloggers Network syndicated blog from Infosec Resources authored by Nikhil Kumar. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/UW_483BTqdE/