Who Want To Be King Walkthrough

In this post, we are going to solve another Vunhub machine called Who Want To Be King. This another boot-2-root challenge from vulnhub, you can download here the Machine.

Network Scanning

Let’s find the target VM IP address run the netdiscover command.

sudo netdiscover
Who Want To Be King Walkthrough

Now we have an IP address target machine, In my case, my target IP address is (192.168.4.182. and our next step is scanning the target machine’s IP address and finding open ports and running service using the nmap command.

nmap -sV -sC 192.168.43.182

The Nmap scanning output shows us that there are 2 ports open: 22/SSH, 80/HTTP apache httpd server running.

Enumeration

Since We find that port 80 is open and running apache httpd server, so we open the target IP in our browser.

Who Want To Be King Walkthrough

After navigating the target machine IP we found a skeylogger binary file, we download the skeylogger on our local machine. then we try to enumerate useful information in the skeylogger file using the strings tool.

strings skeylogger
Who Want To Be King Walkthrough

and we got a useful base64 encoded string, let’s decode it.

After decoding the base64 encoded string we get a text ( dracarys ), we searched on Google What is dracarys in got and get much more information about the dracarys text.

Who Want To Be King Walkthrough

Let’s try to login with the SSH server using daenerys username and password dracarys, and we successfully login with SSH Server.

ssh [email protected]

Now we have a shell access target machine, we start enumerating the directories and files and we found a zip compress file daenerys.zip, using the unzip command to extract the zip file.

ls
cat secret
cd .local/share/
ls
unzip daenerys.zip
cat djkdsnkjdsn

We get another hint in the djkdsnkjdsn file, let’s read the note.txt files using the cat command and again get a message I’m Khal again we searched on google for I’m Khal and the output give use full name khaldrogo.

again we try to switch the user Daenerys to root using the khaldrogo password, and we successfully change our user, now we have root shell access let’s move the /root directory and read the last root flag.

cat /usr/share/sounds/note.txt
su root
cd /root
cat nice.txt
Who Want To Be King Walkthrough

MySchool Vulnhub Walkthrough link

About Rahul Gehlaut

Cyber Security Researcher, CTF Player. Tech Blog Writer.

View all posts by Rahul Gehlaut →