medium.com

Sunset: 1 Walkthrough -Vulnhub

Anshika
~3 minutes

Anshika

“Sunset,” crafted by the adept author “Whitecr0wz,” is a beginner-friendly Capture The Flag (CTF) challenge. Its primary objective is to uncover flags and secure root access to the system. It serves as an ideal introduction for novices in cybersecurity, presenting a compelling and approachable educational journey.

  • Initially, tools such as Nmap are utilized to scan and comprehend the network. This assists in identifying which devices are connected to a network, the services they are utilizing, and whether any ports are open.

Press enter or click to view image in full size

nmap 192.168.1.153 -A

Press enter or click to view image in full size

We can see, “Anonymous FTP log in allowed” and we can see a backup file. We can log in through anonymous and cat the backup file.

In our operating system, we need to open a preferred directory for downloading files via FTP.

ftp 192.168.1.153

ls

get backup

exit

Press enter or click to view image in full size

We have received the backup file; let’s open the backup file with the command “cat backup”.

Press enter or click to view image in full size

Now that we have the sunset hash file, create a text file by copying the hash file content. Use the command `nano backup1.txt` (or your preferred name) and paste the content into it. We got the hash files of the sunset now we can call john to crack the hash file using the ‘rockyou.txt’.

john -wordlist=/usr/share/wordlists/rockyou.txt backup.txt

Press enter or click to view image in full size

Yay!!! We have obtained the login password for the sunset.

Get Anshika’s stories in your inbox

Join Medium for free to get updates from this writer.

we can log in through ssh and log in using. username: sunset password: cheer14, we found using john. now we want to escalate our privilege

ssh sunset@192.168.1.153

ls

cat user.txt

Press enter or click to view image in full size

Hurray!! We got our first flag

Next, we will determine which file has sudo permissions, and our investigation indicates that “ed” is included in the sudoers list.

sudo ed

! /bin/sh

whoami

cd /root

ls

cat flag.txt

Press enter or click to view image in full size

And we got our second flag too!!!

Completed it! Kudos to whitecr0wz for crafting yet another enjoyable box on Vulnhub; while it’s the simplest of the trio, I found it thoroughly engaging.