Cheran: 1 Vulnhub Walkthrough

Hello Guys! Today we are going to take another vulnhub boot2root challenge known as Cheran: 1. The credit for making this VM machine goes to Shadow Phreak and this is a Beginner level Box. You can download here this VM

Network Scanning

Let’s start with scanning the network to find our target.

Cheran: 1  Vulnhub Walkthrough

We found our target IP address and our next step is scanning our target all port and running service using the Nmap command.

Nmap output is shows us that there are 4 ports open 22/SSH, 80/HTTP and 139,445/Samba Server.

Enumeration

We found that port 80 is running an HTTP Apache server, so we open the IP in our browser. We take a look at the source code of the web page, but We are not able to do anything with it.

Cheran: 1  Vulnhub Walkthrough

After checking some basic stuff we didn’t find any useful things then we run the gobuster for directory brute-forcing.

gobuster show many directories we will check one by one and we found two useful directory /users and youtube. let’s navigate the users URL and here we found a .html file After reading the page source code we have an brainfuck encode the string.

Cheran: 1  Vulnhub Walkthrough

we copy the braifuck code and decode it and we see a message ( This is the Username… ) Then we thinking 🙂

Cheran: 1  Vulnhub Walkthrough

currently we have a username let’s check the second directory /youtube and here we see many YouTube URLs we open the every YouTube link and we found a Password:

Cheran: 1  Vulnhub Walkthrough

using these credentials we log in with the target machine SSH server and we successfully login with user Rajasimha.

Cheran: 1  Vulnhub Walkthrough

Privilege Escalation

Now, it’s time for that part of the CTF gain the root access. we run the sudo -l command for checking sudoers users entry. After run the command we see our user can run the /bin/bash command as a root user without root password.

we can easily escalate our privileges by using the command.

we are in the root directory we’ll read the root.txt file by using the command

Cheran: 1  Vulnhub Walkthrough

Sumo Vulnhub Walkthrough link