Me and My Girlfriend: 1 vulnhub walkthrough

Me and My Girlfriend: 1 Vulnhub Walkthrough | Me and My Girlfriend: 1 Vulnhub Writeup

Hello friends, Welcome back for another Vulnhub Me and My Girlfriend: 1 CTF Walkthrough. this VM is made by TW1C3 and Difficulty Level is Beginner You can download here


This VM tells us that there are a couple of lovers namely Alice and Bob, where the couple was originally very romantic, but since Alice worked at a private company, “Ceban Corp”, something has changed from Alice’s attitude towards Bob like something is “hidden”, And Bob asks for your help to get what Alice is hiding and get full access to the company!

Network Scanning

Every time our first step is finding our target IP

In my case, my target Ip address is our next step is nmap scanning running ports and services


I open target IP address our browser and We see a message who are you? hacker?

from the landing page, I didn’t find anything useful then I reading the source code landing page and we see a comment ( Maybe you can search how to user x-forwarder-for )

well, we can easily do that using burp. So I open burp suite and click on the Options tab and added the header like this

And again refresh the page and I capture the request and we see replaced header our header is successful set now forward the request

After forward the burp suite request landing page is redirecting another URL and we see a login portal

I click the register link and create a new user my name

login with the previous register user

I found a sql injection vulnerable URL user_id= Now using the vulnerability we see all user information changing user_id value

again I click the profile link and using burp suite captures the request and send the request repeater

Now I start changing user_id and I found a valid-user Alice we see the response page

I tried to log in this username and password ssh connection and me successful login with Alice user then I ran the ls -lsa command and we see the terminal output all hidden file and directory

move on the .my_secret directory and again run ls command I found our first flag1.txt

Privilege Escalation

Without wasting our time, I looked for sudo rights and I found that Alice can run the php command using sudo without root password

I create a variable and adding shell name /bin/bash our next step is executing the variable command using sudo /usr/bin/php/php

We got the root shell through this script I move on root user home directory reading our last flag

EVM 1 Vulnhub CTF Walkthrough link

3 thoughts on “Me and My Girlfriend: 1 vulnhub walkthrough”

  1. Long time reader, first time commenter —
    so, thought I’d drop a comment.. — and at the same time ask for
    a favor.

    Your wordpress site is very simplistic – hope you don’t mind me asking what theme you’re using?
    (and don’t mind if I steal it? :P)

    I just launched my small businesses site –also built in wordpress like yours–
    but the theme slows (!) the site down quite a bit.

    In case you have a minute, you can find it by searching for “royal cbd” on Google (would appreciate any

    Keep up the good work– and take care of yourself during the coronavirus scare!


Comments are closed.

Exit mobile version