bossplayersCTF: 1 walkthrough vulnhub

In this article, we solve the bossplayersCTF: 1 Vulnhub CTF. The goal of the lab is root account access. This VM was created by Cuong Nguyen.

You can download this VM here.

Description bossplayersCTF: 1

Aimed at Beginner Security Professionals who want to get their feet wet into doing some CTF’s. It should take around 30 minutes to root.

Network Scanning

Let’s start by scanning the network to find our target. In my case, the IP is 192.168.1.109.

Our next step is scanning all ports and services on our target machine.

Our Nmap scan is complete, and we see that the target machine has port 22 (SSH) and port 80 (HTTP) open.

Enumeration

We find that port 80 is running HTTP, so we open the IP in our browser.

On the front page I didn’t see anything important, so I moved on to our next step, checking the source code of the webpage, and at the end of the page I found a base64-encoded value.

First decode

Second decode

Last decode, and we see an interesting PHP file location

I tried to open this file in our browser, and it shows me a system install file and Outstanding, and we see a text comment: Test ping command.

We tried to open the passwd file using the cat command through the URL, and we see the target’s passwd file. That means this URL is vulnerable to command injection.

We continue with Metasploit’s web delivery module to compromise the host machine and obtain a reverse connection.

This will generate malicious PHP code which you’ll use for command execution through the web URL. I copy the malicious code, paste it into the URL, and hit enter.

We see in the terminal that a new meterpreter session is open.

After running the shell command, we see a blank shell.

Import a spawn shell through python3 by running this command

I started to enumerate the target machine, but I didn’t find an important file directory.

Privilege Escalation

Moving on to privilege escalation: by using the following command, you can enumerate all binary files that have SUID permissions set.

We see many files, but I focus on the find command. I searched on Google and found a find command privilege escalation script.

I move on to the root user’s home directory and run the ls command, and we see our root flag.
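The same SUID enumeration is what a defender runs as a hardening check, and a SUID `find` is exactly what it should catch. The script below is an added example, not part of the original walkthrough; the `EXPECTED` allowlist and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the walkthrough): baseline check for SUID binaries.
# EXPECTED is a constructed sample allowlist; build the real one from a
# known-good install of your distribution.
EXPECTED="passwd su sudo mount umount chsh chfn newgrp gpasswd"

# suid_audit ROOT
# Prints one line per SUID regular file under ROOT (same filesystem only):
#   OK <path>          name is on the allowlist
#   UNEXPECTED <path>  name is not on the allowlist, e.g. a SUID find
suid_audit() {
    root=${1:-/}
    find "$root" -xdev -type f -perm -4000 2>/dev/null | sort |
    while IFS= read -r path; do
        name=${path##*/}
        case " $EXPECTED " in
            *" $name "*) tag=OK ;;
            *)           tag=UNEXPECTED ;;
        esac
        printf '%s %s\n' "$tag" "$path"
    done
}

# suid_unexpected_count ROOT
# Prints the number of UNEXPECTED findings; anything above 0 should fail
# the hardening check until the bit is removed with: chmod u-s <path>
suid_unexpected_count() {
    suid_audit "${1:-/}" | grep -c '^UNEXPECTED ' || true
}

# Run directly as: sh suid_audit.sh /   (no output when called without arguments)
if [ "$#" -gt 0 ]; then
    suid_audit "$1"
fi
```

Matching on file name alone is the simplification here; a production baseline should compare full paths and package checksums as well.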

Reading root Flag
