Hello Guys! Today we are going to take another vulnhub boot2root challenge known as Cheran: 1. The credit for making this VM machine goes to Shadow Phreak and this is a Beginner level Box. You can download here this VM
Network Scanning
Let’s start with scanning the network to find our target.
sudo netdiscover

We found our target IP address and our next step is scanning our target all port and running service using the Nmap command.
nmap -sV 192.168.43.197

Nmap output is shows us that there are 4 ports open 22/SSH, 80/HTTP and 139,445/Samba Server.
Enumeration
We found that port 80 is running an HTTP Apache server, so we open the IP in our browser. We take a look at the source code of the web page, but We are not able to do anything with it.
http://192.168.43.197

After checking some basic stuff we didn’t find any useful things then we run the gobuster for directory brute-forcing.
gobuster dir --url http://192.168.43.192 -w /usr/share/wordlists/dirb/common.txt

gobuster show many directories we will check one by one and we found two useful directory /users and youtube. let’s navigate the users URL and here we found a .html file After reading the page source code we have an brainfuck encode the string.
http://192.168.43.192/users/Rajasimha.html

we copy the braifuck code and decode it and we see a message ( This is the Username… ) Then we thinking 🙂

currently we have a username let’s check the second directory /youtube and here we see many YouTube URLs we open the every YouTube link and we found a Password:
http://192.168.43.197/youtube/youtube.html

using these credentials we log in with the target machine SSH server and we successfully login with user Rajasimha.
sudo ssh [email protected]

Privilege Escalation
Now, it’s time for that part of the CTF gain the root access. we run the sudo -l command for checking sudoers users entry. After run the command we see our user can run the /bin/bash command as a root user without root password.
sudo -l
we can easily escalate our privileges by using the command.
sudo -u#-1 /bin/bash
cd /root

we are in the root directory we’ll read the root.txt file by using the command
ls
cat root.txt

Sumo Vulnhub Walkthrough link
