Thanks to visit codestin.com
Credit goes to www.scribd.com

Scribd
Upload
651 views6 pages

Easy Vulnhub CTF Walkthrough

This document summarizes a walkthrough of the "CyberSploit: 1" boot2root challenge on Vulnhub. The summary includes: Reconnaissance using Netdiscover and Nmap to identify the host IP and open ports. Enumeration using Gobuster found several files including the SSH username in the source code. Exploitation involved decoding a base64 encoded message found in robots.txt with CyberChef to get the first password flag. Privilege escalation to root was achieved by exploiting an overlayfs kernel vulnerability to compile and run a root exploit.

Uploaded by

eve johnson
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
651 views6 pages

Easy Vulnhub CTF Walkthrough

This document summarizes a walkthrough of the "CyberSploit: 1" boot2root challenge on Vulnhub. The summary includes: Reconnaissance using Netdiscover and Nmap to identify the host IP and open ports. Enumeration using Gobuster found several files including the SSH username in the source code. Exploitation involved decoding a base64 encoded message found in robots.txt with CyberChef to get the first password flag. Privilege escalation to root was achieved by exploiting an overlayfs kernel vulnerability to compile and run a root exploit.

Uploaded by

eve johnson
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
You are on page 1/ 6

CyberSploit: 1 Vulnhub Walkthrough

posted inCTF Challenges on July 10, 2020 by Raj Chandel


SHARE

Today we are going to solve another boot2root challenge called “CyberSploit: 1”.  It’s
available at Vulnhub for penetration testing. This is an easy level lab.  The credit for making
this lab goes to cybersploit1. Let’s get started and learn how to successfully break it down.
Level: Easy

Since these labs are available on the Vulnhub website. Let’s download the lab file from here.

Penetration Testing Methodology

Reconnaissance

 Netdiscover
 Nmap

Enumeration

 Gobuster

Exploiting

 Basic Cryptography
 CyberChef

Privilege Escalation

 Local Privilege Escalation ‘Overlays’


 Capture the flag

Walkthrough

Reconnaissance

As always we identify the host’s IP with the “Netdiscover” tool:

netdiscover

1 netdiscover
So, let’s start by listing all the TCP ports with nmap.

nmap –sV -sC -p- 192.168.10.1

1 nmap –sV -sC -p- 192.168.10.190

To work more comfortably, I’ll put the IP address in /etc/hosts.


Enumeration

We access the web service and review the source code. We find the SSH user name.

It’s time to fuzzing! We used Gobuster and found several files. We examined the robots.txt
and found a base64 text.
Exploiting

We use curl and add “base64 -d” to the command to decode the message in plain text. We get
the first flag, the flag is the user’s password “itsskv“.

We access with the obtained credentials and read the file “flag2.txt“. Inside, we find a new
code, this time it’s “binary code“.
We use the online tool “Cyberchef” and we get the second flag.

Privilege Escalation (root)


The root is quite simple (as the creator of the machine said it was easy level). The machine
has a kernel vulnerable to “overlayfs: Local Privilege Escalation“. We download the
exploit, compile it on the victim machine and run it. We get a root prompt and read our flag.

Author: David Utón is Penetration Tester and security auditor for Web applications,
perimeter networks, internal and industrial corporate infrastructures, and wireless networks
Contacted on LinkedIn and Twitter.

Share this:

 Click to share on Twitter (Opens in new window)


 Click to share on Facebook (Opens in new window)

You might also like