HEADLESS! — Vulnerable Machine

This VM Image is beginner friendly machine. The object of the game is to acquire root access via any means possible (except actually hacking the VM server or player). There are more ways then one to successfully complete the challenges.

Download link 1: https://www.dropbox.com/sh/t04oh0gxags8k3u/AABCTCFDQ1fQpZkPrv7K2Pffa?dl=0

Download Link 2: https://drive.google.com/file/d/1Bj1Tbk1PHTFFCCFN1mMDjaJ1WprVXyyG/view?usp=sharing

Official Walk-through for the machine:

  1. Start enumerating machine by simple nmap scan considering all ports with -p- as a switch

nmap -p- -sCV — open -o nmap.txt $IP

2. FTP to the subsequent port found, enumerating the every directories you found and by downloading all the files at the same time we get:

3. You’ll find some images and encrypted text there..

3. Are these images are actually images???

(32 OR 64 OR ROT???) again?? (maybe?)

4. Remote login??? (Is it sec#red shell?)

5. Clearly by seeing the permissions given to .home.sh file, we can own the machine by manipulating the script as shown:

And by running the script as shown WE are ROOT!!!, the flag is waiting for you.

— — — — — — — — — — — — — — — — — — — — — — —

That’s all for now,

Until Next Time,

Feel free to ping me anytime:





Cybersecurity | CTFs | Networking |

Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

CRODO -Ambassador program

How to turn an idea into an App

Take Bee v1.0-rc4 for a testnet drive

Creating and Deploying a Python Flask Microservice on Amazon Fargate — Part II

OpenCV distance detection

Install and Configure Apache Tomcat

Coping with (Code) Failures

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Neelesh Patel

Neelesh Patel

Cybersecurity | CTFs | Networking |

More from Medium

[Day 11] Networking Where Are The Reindeers? | Advent of Cyber 3 (2021)

Advent of Cyber 3 (2021) — Day 1


Tryhackme: Basic Pentesting Walkthrough by Akash