Capture the flag: A walkthrough of SunCSR’s Geisha

Introduction

Welcome to my write-up for the Geisha machine from VulnHub. This is a beginner- to intermediate-level, intentionally vulnerable virtual machine created for the purposes of testing and strengthening one’s abilities. I hope you enjoy reading this as much as I enjoyed rooting and writing!

Setup

The download page is here. Always read the description to see if there’s anything the author shared that they think is important. In this case, it mentions that this machine was tested with VMware Workstation, and this time I took the author’s advice and ran it in VMware. DHCP is also enabled, so we will need to discover the host’s address after it boots.

We download the .zip file and import the .vmx into VMware as usual. I then like to go in and ensure the network setting is set to a “host-only” network so that it is not exposed to anyone except my attacking machine. My attacking machine is also in VMware, and we just need to ensure it also has a network interface connected to the host-only network.

With that out of the way, we are ready to start scanning this machine!

Scanning

I like to start off with an nmap ping scan to find the vulnerable host. If that doesn’t work, I’ll try netdiscover. It’s easy to identify our target as its IP address is the only one found besides my attacker’s (seems VMware’s host-only network doesn’t work the same as VirtualBox’s, where I also see my host machine and the virtual network’s DHCP server addresses). This machine is located at 192.168.237.128, and with that information, we can scan for some open ports.

Here I have only shown a port scan without OS detection or having scripts run, but that is so the screenshot is not too long. (Read more...)

*** This is a Security Bloggers Network syndicated blog from Infosec Resources authored by Thomas Herrell. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/xwMeyOiPH6k/