ZION: 1.2 — VulnHub CTF walkthrough (part 1) - Security Boulevard

ZION: 1.2 — VulnHub CTF walkthrough (part 1)

Introduction

In this article, we will solve a Capture the Flag (CTF) challenge that was posted on the VulnHub website by André Henrique. Per the description given by the author, you must “Help Morpheus to leave the Matrix and return to Zion.” To do so, we have to find and read two flags (user and root).

You can check my previous articles for more CTF challenges. I have also provided a downloadable URL for this CTF here.

You can download the machine and run it on VirtualBox. The torrent downloadable URL is also available for this VM and has been added in the reference section of this article.

For those who are not aware of the site, VulnHub is a well-known website for security researchers which aims to provide users with a way to learn and practice their hacking skills through a series of challenges in a safe and legal environment. You can download vulnerable machines from this website and try to exploit them. There are a lot of other challenging CTF exercises available on VulnHub and I highly suggest attempting them, as it is a good way to sharpen your skills and learn new techniques in a safe environment.

Please note: For all these machines, I have used Oracle Virtual Box to run the downloaded machine. I am using Kali Linux as an attacker machine for solving this CTF. The techniques used are solely for educational purposes and I am not responsible if the listed techniques are used against any other targets

The steps

  1. Getting the IP address by running the VM
  2. Port scanning through Nmap
  3. Enumerating the web application with the Dirb utility
  4. Analyzing the application through Burp Suite and decoding the password
  5. Password brute-forcing with Burp Suite
  6. Getting into the system with SSH

The walkthrough

Step (Read more...)

*** This is a Security Bloggers Network syndicated blog from Infosec Resources authored by LetsPen Test. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/LKnfFH2ZRWc/