Cheran: 1 Vulnhub Walkthrough

Hello Guys! Today we are going to take another vulnhub boot2root challenge known as Cheran: 1. The credit for making this VM machine goes to Shadow Phreak and this is a Beginner level Box. You can download here this VM

Network Scanning

Let’s start with scanning the network to find our target.

sudo netdiscover
Cheran: 1  Vulnhub Walkthrough

We found our target IP address and our next step is scanning our target all port and running service using the Nmap command.

nmap -sV 192.168.43.197

Nmap output is shows us that there are 4 ports open 22/SSH, 80/HTTP and 139,445/Samba Server.

Enumeration

We found that port 80 is running an HTTP Apache server, so we open the IP in our browser. We take a look at the source code of the web page, but We are not able to do anything with it.

http://192.168.43.197
Cheran: 1  Vulnhub Walkthrough

After checking some basic stuff we didn’t find any useful things then we run the gobuster for directory brute-forcing.

gobuster dir --url http://192.168.43.192 -w /usr/share/wordlists/dirb/common.txt

gobuster show many directories we will check one by one and we found two useful directory /users and youtube. let’s navigate the users URL and here we found a .html file After reading the page source code we have an brainfuck encode the string.

http://192.168.43.192/users/Rajasimha.html
Cheran: 1  Vulnhub Walkthrough

we copy the braifuck code and decode it and we see a message ( This is the Username… ) Then we thinking 🙂

Cheran: 1  Vulnhub Walkthrough

currently we have a username let’s check the second directory /youtube and here we see many YouTube URLs we open the every YouTube link and we found a Password:

http://192.168.43.197/youtube/youtube.html
Cheran: 1  Vulnhub Walkthrough

using these credentials we log in with the target machine SSH server and we successfully login with user Rajasimha.

sudo ssh [email protected]
Cheran: 1  Vulnhub Walkthrough

Privilege Escalation

Now, it’s time for that part of the CTF gain the root access. we run the sudo -l command for checking sudoers users entry. After run the command we see our user can run the /bin/bash command as a root user without root password.

sudo -l

we can easily escalate our privileges by using the command.

sudo -u#-1 /bin/bash
cd /root

we are in the root directory we’ll read the root.txt file by using the command

ls
cat root.txt
Cheran: 1  Vulnhub Walkthrough

Sumo link

About Rahul Gehlaut

Cyber Security Researcher, CTF Player. Tech Blog Writer.

View all posts by Rahul Gehlaut →