Aqua 1: VulnHub Capture the Flag (CTF) walkthrough

In this article, we will find an answer to a Capture the Flag (CTF) challenge published on VulnHub by the author yunaranyancat. As per the information given by the author, the difficulty level of this CTF is hard and there is one intended way to get the low privilege user, but there are two different ways to get the root access of this CTF.

To complete this CTF, we have to capture two flags. Prerequisites for this CTF would be to have some knowledge of Linux commands and the ability to run some basic penetration testing tools.

As you may know from previous articles, VulnHub is a platform which provides vulnerable applications/machines for learners to gain practical hands-on experience in the field of information security. You can check my previous articles for more CTF challenges. I have also provided a downloadable URL for this CTF; you can download the machine and run it on VirtualBox.

The torrent downloadable URL is also available for this VM. It’s been added in the reference section of this article.

Please note: For all of these machines, I have used Oracle Virtual Box to run the downloaded machine. I am using Kali Linux as an attacker machine for solving this CTF. The techniques used are solely for educational purposes, and I am not responsible if the listed techniques are used against any other targets.

The steps

The summary of steps required for solving this CTF is given below.

  1. Get the victim machine IP address by running the netdiscover utility
  2. Scan open ports by using the nmap scanner
  3. Enumerate HTTP service with Dirb and Nikto Vulnerability Scanner
  4. Identify the local file inclusion vulnerability (LFI) and use it for more enumeration
  5. More enumeration with LFI
  6. Open the FTP port by using the port-knocking sequence
  7. Upload the shell (Read more...)

*** This is a Security Bloggers Network syndicated blog from Infosec Resources authored by LetsPen Test. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/rp1-hJ6Cc_w/