HEADLESS! — Vulnerable Machine

This VM Image is beginner friendly machine. The object of the game is to acquire root access via any means possible (except actually hacking the VM server or player). There are more ways then one to successfully complete the challenges.

Download link 1: https://www.dropbox.com/sh/t04oh0gxags8k3u/AABCTCFDQ1fQpZkPrv7K2Pffa?dl=0

Download Link 2: https://drive.google.com/file/d/1Bj1Tbk1PHTFFCCFN1mMDjaJ1WprVXyyG/view?usp=sharing

Official Walk-through for the machine:

  1. Start enumerating machine by simple nmap scan considering all ports with -p- as a switch

nmap -p- -sCV — open -o nmap.txt $IP

2. FTP to the subsequent port found, enumerating the every directories you found and by downloading all the files at the same time we get:

3. You’ll find some images and encrypted text there..

3. Are these images are actually images???

(32 OR 64 OR ROT???) again?? (maybe?)

4. Remote login??? (Is it sec#red shell?)

5. Clearly by seeing the permissions given to .home.sh file, we can own the machine by manipulating the script as shown:

And by running the script as shown WE are ROOT!!!, the flag is waiting for you.

— — — — — — — — — — — — — — — — — — — — — — —

That’s all for now,

Until Next Time,

Feel free to ping me anytime:





Cybersecurity | CTFs | Networking |

Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

A Day in the Life of a Freelance Software Engineer

Photo by Madison Yocum on Unsplash

Implementing Keras custom layer in Core ML model with enabling GPU acceleration


Software Development Trend ⇒ Continuous Testing

⚡#EasyFixEPNS Collaboration Meme Contest⚡

Become A Command Line Pro

DevOps Leadership 1: Product Thinking

Positioning Product Owner Role In Organizations

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Neelesh Patel

Neelesh Patel

Cybersecurity | CTFs | Networking |

More from Medium

Potentially dangerous websites.

picoCTF: information

“That SweetPot of Data Net-tar” My first Honey Pot Walkthrough Part 2

Pwnkit Local Linux Privesc Affecting Most Distros CVE-2021–4034 (12-year-old vulnerability?!)