Vegeta Vulnhub Walkthrough

In this article, we will share another Vulnhub Machine Walkthrough is named Vegeta. This is a beginner, level machine. Our goal is to read the root flag it’s present in /root directory. You can download here this machine.

Network Scanning

Let’s start with finding our target IP address by using the netdiscover command.

Vegeta Vulnhub Walkthrough, Vegeta Vulnhub Writeup, vulnhub walkthrough, vegeta walkthrough

Now we have our target IP address and our next step is scanning all ports and running services with the Nmap tool.

Vegeta Vulnhub Walkthrough, Vegeta Vulnhub Writeup, vulnhub walkthrough, vegeta walkthrough

Enumeration

Since we see the Nmap scanning output our target machine port 80/HTTP is openly and running an apache HTTP server. Let’s open the target ip in the browser.

Vegeta Vulnhub Walkthrough, Vegeta Vulnhub Writeup, vulnhub walkthrough, vegeta walkthrough

After reading the page source code and try the image file some steganography tools but we couldn’t found anything useful. Then we run the gobuster in dir ( directory brute force ) mode.

Vegeta Vulnhub Walkthrough, Vegeta Vulnhub Writeup, vulnhub walkthrough, vegeta walkthrough

And gobuster discover useful URLs Let’s open the /robots.txt

Vegeta Vulnhub Walkthrough, Vegeta Vulnhub Writeup, vulnhub walkthrough, vegeta walkthrough

after we open the /find_me directory here we saw another .html URL let’s click the find_me.html

Let’s check the source code of the page and we found base64 encode string we copy the string and double-time decode the string.

And again we saw the decoded output it looks like an image file let’s save the output as a jpeg file. And this image file is a barcode image file we decode the barcode jpeg file online barcode, reader.

and we got a topshellv hint it’s mean that password for b374k backdoor.

Vegeta Vulnhub Walkthrough, Vegeta Vulnhub Writeup, vulnhub walkthrough, vegeta walkthrough

After navigating the b374k.php URL we got a blank page let’s check the source code and here we found /bulma directory comment.

Vegeta Vulnhub Walkthrough, Vegeta Vulnhub Writeup, vulnhub walkthrough, vegeta walkthrough

We open the /bulma directory and we found an audio wave file. We decode the audio file morse code decoders.

Finally, we got an SSH login username and password

Privilege Escalation

Now we have trunks user shell we run the ls – ls /etc/passwd for checking the passwd file permission and our user trunks have read-write permission of the file

Using the OpenSSL we generate a new password and using the cat command we add our new root user in the passwd file

Now this time is escalate the privilege let’s run the su ( switch user ) command.

finally, we have the root shell target machine let’s move the /root directory and read the root flag.

Vegeta Vulnhub Walkthrough, Vegeta Vulnhub Writeup, vulnhub walkthrough, vegeta walkthrough

Funbox Easy Vulnhub Walkthrough link

Leave a Comment