Source 1: VulnHub CTF walkthrough
In this article, we will solve a Capture the Flag (CTF) challenge that was posted on the VulnHub website by an author named darkstar7471. Per the description given by the author, this is an entry-level CTF.
The target of this CTF is to get to the root of the machine and read the flag file. The compressed OVA file of the CTF can be downloaded here.
You can download the machine and run it on VirtualBox or VMWare. The torrent downloadable URL is also available for this VM and has been added in the reference section of this article. Prerequisites would be having some knowledge of Linux commands and ability to run some basic pentesting tools.
For those who are not aware of the site, VulnHub is a well-known website for security researchers which aims to provide users with a way to learn and practice their hacking skills through a series of challenges in a safe and legal environment. You can download vulnerable machines from this website and try to exploit them. There are a lot of other challenging CTF exercises available on vulnhub.com and I highly suggest attempting them, as it is a good way to sharpen your skills and learn new techniques in a safe environment.
Please note: For all these machines, I have used Oracle VirtualBox to run the downloaded machine. I am using Kali Linux as an attacker machine for solving this CTF. The techniques used are solely for educational purposes, and I am not responsible if the listed techniques are used against any other targets.
The steps
- Getting the target machine IP address by using the Netdiscover utility
- Identifying open ports with Nmap
- Enumerating HTTP service with Burp Suite
- Identifying exploit
- Configuring webmin exploit in Metasploit
- Exploiting and reading the root flag
The walkthrough
*** This is a Security Bloggers Network syndicated blog from Infosec Resources authored by LetsPen Test. Read the original post at: https://resources.infosecinstitute.com/source-1-vulnhub-ctf-walkthrough/
