Me and My Girlfriend 1: CTF walkthrough

In this article, we will solve a Capture the Flag (CTF) challenge which was posted on VulnHub. As you may know from previous articles, VulnHub is a platform which provides vulnerable applications/machines to help users gain practical hands-on experience in the field of information security.

You can check my previous articles for more CTF challenges. I have also provided a downloadable URL for this CTF here, so you can download the machine and run it on VirtualBox. The torrent downloadable URL is also available for this VM; it has been added in the reference section of this article.

As per the information given on VulnHub, this was posted by the author TW1C3. This is a beginner-level CTF and the challenge consists of capturing two flags and getting access to the root. Prerequisites would be having some knowledge of Linux commands and ability to run some basic pentesting tools.

Please note: For all these machines, I have used Oracle VirtualBox to run the downloaded machine. I am using Kali Linux as an attacker machine for solving this CTF. The techniques used are solely for educational purposes, and I am not responsible if the listed techniques are used against any other targets.

So now that we have all the information that we need, let’s get started with the challenge.

The steps

This is the summary of the steps which I used in solving this CTF.

  1. Getting the target machine IP address by running the Netdiscover command
  2. Scanning open ports by using Nmap
  3. Enumerating HTTP service with Dirb
  4. Bypassing website access restrictions
  5. Finding and exploiting vulnerabilities
  6. Getting the root access

The walkthrough

Step 1

After downloading and running this machine on VirtualBox, the first step is to explore the VM by running the netdiscover command to get the IP address of the (Read more...)

*** This is a Security Bloggers Network syndicated blog from Infosec Resources authored by LetsPen Test. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/Nl-AlGmDnVM/