sahu: 1.1 Walkthrough Vulnhub

sahu: 1.1 Walkthrough Vulnhub CTF

Sahu: 1.1 is another CTF challenge given by vulnhub and the level difficultly is set according to beginners. and this is a boot to root challenge. you can download here

According to the author

Sahu is a Virtualbox VM Built on Ubuntu 64 bit, The Goal Of this Machine is to get root And Read the root.txt file with Some Good Enumeration Skills

Network Scanning

First We Scanning our local network with netdiscover

sahu: 1.1  Walkthrough

The next step is scanning the host IP to identify open ports and running services. twith Nmap aggressive scan

sahu: 1.1  Walkthrough
Enumeration

we found our target port is open 21 FTP, 22 SSH, 80 HTTP, 139,445 smb samba server and we see the Nmap scan ftp port allows anonymous user login

  • username: ftp
  • password: ftp

After login with ftp, I found a ftp.zip but the file is password protected

sahu: 1.1  Walkthrough

When you will explore machine IP in the web browser, we will see a Haryana State map

sahu: 1.1  Walkthrough

downloading the Haryana jpg file

sahu: 1.1  Walkthrough

Basic directory Scanning with dirb

I didn’t see anything I move on reading the source code and I found a paragraph line try to extract with hurry

extracting data Haryana image file using password hurry

After extracting the file I found a new file file.txt and we see author massage hint I have forgotten the last two part of it can you find out 5AHU**

sahu: 1.1  Walkthrough

I created many dictionaries with a crunch but finally, I found correct wordlist

cracking the zip file fcrackzip kali Linux toll dictionary mode (-D ) ( -p parameter our wordlist) and our ftp.zip file name

and we found a possible password: 5AHU#5

sahu: 1.1  Walkthrough

I try to log in with ftp.txt file credential and again we found another ssh.txt file get command to download the file our local system

sahu: 1.1  Walkthrough
  • username: haryana
  • password: hralltime

login with ssh connection

sahu: 1.1  Walkthrough
Privilege Escalation

Enumeration time I round target system /etc/passwd file writeable all user edit this file

Generating a New MD5 salted hash

sahu: 1.1  Walkthrough

Adding our user /etc/passwd file using nano editor

After adding new user target passwd I run ( su switch user command) hacknos and we see our shell is change normal user to root user

Finally, we found our root Flag !!!!

Sar: 1 Walkthrough Vulnhub CTF read

Leave a Comment