EVM: 1 walkthrough vulnhub ctf

EVM: 1 walkthrough vulnhub ctf | EVM: 1 vulnhub writeup ctf

Today we are solving vulnhub another CTF EVM: 1 is created by Ic0de this VM is beginner user you can download here

Description EVM: 1

This is a super friendly box intended for Beginner’s

Network Scanning

First, we scanning our network and finding our target IP address

in my case, my target IP is 192.168.1.5

our next step is scanning all ports and services with Nmap basic service version scan

Enumeration

we see the target machine many port open but I generally concentrate on port 80 I open the target Ip our browser and we see the default apache2 ubuntu default page

I looking the apache default page then I found a hint You can find me at /WordPress without wasting our time I move on wpscan WordPress scanner and -e u Parameter use all user enumerate

and we found a user c0rrupt3d_brain next step is brute force password attack I used big wordlist file rockyou.txt and -t parameter to upgrade threads

Exploitation

Finally, 10-15 later we found a valid password I search exploit-db and I found an exploit WordPress file upload I fill all information which is required this exploit

Our Metasploit attack is successful and meterpreter session is open now I ran the shell command and we see blank shell

bypassing the shell using python3 spawn shell importing

After enumeration the system directory and file, I found a hidden file root_password_ssh.txt I open the file cat command and we see root user password

Privilege Escalation

We already found root account password I run the su ( switch user ) root command and paste the password willy26 and I got root shell I move on the root user home directory and I found a file proof.txt

Reading our root proof.txt cat command

bossplayersCTF: 1 vulnhub walkthrough link