Hello Guys! Today we are going to take another vulnhub boot2root challenge known as Cheran: 1. The credit for making this VM machine goes to Shadow Phreak and this is a Beginner level Box. You can download here this VM
Let’s start with scanning the network to find our target.
We found our target IP address and our next step is scanning our target all port and running service using the Nmap command.
nmap -sV 192.168.43.197
Nmap output is shows us that there are 4 ports open 22/SSH, 80/HTTP and 139,445/Samba Server.
We found that port 80 is running an HTTP Apache server, so we open the IP in our browser. We take a look at the source code of the web page, but We are not able to do anything with it.
After checking some basic stuff we didn’t find any useful things then we run the gobuster for directory brute-forcing.
gobuster dir --url http://192.168.43.192 -w /usr/share/wordlists/dirb/common.txt
gobuster show many directories we will check one by one and we found two useful directory /users and youtube. let’s navigate the users URL and here we found a .html file After reading the page source code we have an brainfuck encode the string.
we copy the braifuck code and decode it and we see a message ( This is the Username… ) Then we thinking 🙂
currently we have a username let’s check the second directory /youtube and here we see many YouTube URLs we open the every YouTube link and we found a Password:
using these credentials we log in with the target machine SSH server and we successfully login with user Rajasimha.
sudo ssh [email protected]
Now, it’s time for that part of the CTF gain the root access. we run the sudo -l command for checking sudoers users entry. After run the command we see our user can run the /bin/bash command as a root user without root password.
we can easily escalate our privileges by using the command.
sudo -u#-1 /bin/bash cd /root
we are in the root directory we’ll read the root.txt file by using the command
ls cat root.txt