MuzzyBox: 1 Walkthrough Vulnhub CTF

MuzzyBox 1 Walkthrough Vulnhub CTF

Today, we’re sharing another Vulnhub CTF Walkthrough MuzzyBox 1 design by Muzzy This VM machine hosted on you can download here the machine link

Our First Step is Finding the target IP Address

MuzzyBox: 1 Walkthrough
Network Scanning

After finding the target IP address Nmap Aggressive scanning (-p- parameter ) all port scanning

MuzzyBox: 1 Walkthrough

Nmap scanning we found port 80 & 3000 and 8989, 9633, 15000 open to HTTP Python server, and port 22 open to SSH as well.

open the target IP web browser for port 80 and have found a index.txt file we see the file three challenges

Challenge 1:

Our First challenge is bypassing the Washington State University idcard database

We can see the id card for upload and we see the author Note Don’t upload the file directly, edit with your name and upload its the screenshot.

Now Downloading the idcard our localhost

MuzzyBox: 1 Walkthrough

Now edit the png image file I am using windows inbuilt tool paint we already see the note index.txt Only “Principal” is “Authorized” Washington State University

after editing the again upload the file and our file successfully upload and we found our first Challenge

Challenge 2:

opening the URL web browser and we already see the python debugger and I click the console and new popup window is asking console password we already found the password our first challenge

I write a simple python code for listing the directory and our code is working

we need to Starting our natcat listener any port number

python socket reverse payload

MuzzyBox: 1 Walkthrough

MuzzyBox: 1 Walkthrough

reading our second Flag

MuzzyBox: 1 Walkthrough
Challenge 3:

our target is vulnerable Server-Side Template Injection After a search we found an Exploitation Tool Github

MuzzyBox: 1 Walkthrough
Server-Side Template Injection Download Tool

Tplmap assists the exploitation of Code Injection and Server-Side Template Injection vulnerabilities with a number of sandbox escape techniques to get access to the underlying operating system.

MuzzyBox: 1 Walkthrough

login ssh connection with nsctf username and password iamnsce

ls -lsa command to we see /usr/local/sbin directory user nsctf our current user nsctf edit any file sbin directory we already see our third Challenge 3 Can you able to get the /root/Final_Flag.txt file using the Out-of-Band technique ??

again start listening natcat for http post request

editing the ls command with nano editor and creating a post request with the curl command

we found our Final Flag

Five86 2 Walkthrough read