Capture the flag: A walkthrough of SunCSR’s Sumo

Introduction

Welcome to my write-up for the Sumo machine from VulnHub. This is a beginner-level, intentionally vulnerable virtual machine created for the purposes of testing and strengthening one’s abilities. I hope you enjoy reading this as much as I enjoyed rooting and writing!

Setup

The download page is here. Always read the description to see if there’s anything the author shared that they think is important. It mentions that this machine was tested with VMware Workstation, but I did not have any issues with VirtualBox. DHCP is also enabled, so we will need to discover the host’s address after it boots. 

We download the .vdi file and import it into VirtualBox as usual. I then like to go in and ensure the network setting is set to “host-only” so that it is not exposed to anyone except my attacking machine.
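The host-only setting can also be verified from the command line before the vulnerable VM is booted. The script below is an added example, not part of the original write-up: it parses the output of `VBoxManage showvminfo <vm> --machinereadable` and fails if any adapter is attached to something other than host-only. The VM name "Sumo", the adapter names and the sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Added example: check that a VirtualBox VM has no NAT/bridged adapter before boot.
# Input: output of `VBoxManage showvminfo <vm> --machinereadable` on stdin.

# Print every adapter whose attachment is neither "hostonly" nor "none".
# Matches keys such as nic1= but not nictype1= or nicspeed1=.
nic_exposure() {
    awk -F= '/^nic[0-9]+=/ {
        gsub(/"/, "", $2)
        if ($2 != "hostonly" && $2 != "none") print $1 "=" $2
    }'
}

# Return 0 only if no adapter is exposed; report the offending ones on stderr.
vm_is_isolated() {
    exposed=$(nic_exposure)
    if [ -n "$exposed" ]; then
        printf 'not isolated: %s\n' "$exposed" >&2
        return 1
    fi
    return 0
}

# Constructed sample: a single host-only adapter, second slot unused.
SAMPLE_HOSTONLY='name="Sumo"
nic1="hostonly"
nictype1="82540EM"
hostonlyadapter1="vboxnet0"
nic2="none"'

# Constructed sample: a second adapter left bridged to the physical LAN.
SAMPLE_BRIDGED='name="Sumo"
nic1="hostonly"
hostonlyadapter1="vboxnet0"
nic2="bridged"
bridgeadapter2="eth0"'

# Demonstration on the constructed samples.
printf '%s\n' "$SAMPLE_HOSTONLY" | vm_is_isolated && echo "host-only sample: isolated"
printf '%s\n' "$SAMPLE_BRIDGED" | vm_is_isolated || echo "bridged sample: fix the adapter before booting"

# Against a real VM (replace Sumo with the name you imported it under):
#   VBoxManage showvminfo "Sumo" --machinereadable | vm_is_isolated
```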

With that out of the way, we are ready to start scanning this machine!

Scanning

I like to start off with an nmap ping scan to find the vulnerable host. If that doesn’t work, I’ll try netdiscover. This machine is located at 192.168.1.8, and with that information, we can scan for some open ports.

Only SSH and a web server are exposed at the moment, which is common with a CTF-style box such as this. The searchsploit command allows us to search Exploit-DB for known vulnerabilities in software, but it didn’t report anything useful for either the SSH or HTTP server versions. 

Browsing the website shows a default “It works!” page, and there’s nothing interesting in the page’s source code, nor is there a robots.txt file. Let’s see if our friend Nikto can find anything for us.

There is an unusual header with a CVE number in it in (Read more...)

*** This is a Security Bloggers Network syndicated blog from Infosec Resources authored by Thomas Herrell. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/Hgd_A0T9vgo/