HEADLESS! — Vulnerable Machine

This VM image is a beginner-friendly machine. The object of the game is to acquire root access via any means possible (except actually hacking the VM server or player). There is more than one way to successfully complete the challenges.

Download link 1: https://www.dropbox.com/sh/t04oh0gxags8k3u/AABCTCFDQ1fQpZkPrv7K2Pffa?dl=0

Download Link 2: https://drive.google.com/file/d/1Bj1Tbk1PHTFFCCFN1mMDjaJ1WprVXyyG/view?usp=sharing

Official Walk-through for the machine:

1. Start enumerating the machine with a simple nmap scan, using the -p- switch to cover all ports:

nmap -p- -sCV --open -o nmap.txt $IP

2. Connect over FTP to the port found in the scan, enumerate every directory you find, and download all the files as you go. We get:

3. You’ll find some images and encrypted text there.

3. Are these images actually images???

(32 OR 64 OR ROT???) again?? (maybe?)

4. Remote login??? (Is it sec#red shell?)

5. The permissions given to the .home.sh file make it clear that we can own the machine by manipulating the script as shown:

And by running the script as shown, WE are ROOT!!! The flag is waiting for you.
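
Seen from the defender's side, the weakness in step 5 is a script that runs with root privileges while a non-root user can still modify it. The audit below is an added example, not part of the original walk-through; it assumes GNU stat and readlink, and the function names entry_risk and audit_root_script are made up for illustration.

```shell
#!/bin/sh
# Added example: audit a script that runs with root privileges for the
# step 5 weakness. Assumes GNU stat/readlink (Linux).

# entry_risk MODE OWNER_UID KIND   (KIND: f = file, d = directory)
# Prints why a non-root user could alter the entry and returns 0;
# returns 1 when the entry looks safe. Group write is flagged conservatively.
entry_risk() {
    mode=$1; uid=$2; kind=$3
    if [ "$uid" -ne 0 ]; then
        echo "owned by uid $uid, not root"; return 0
    fi
    # In a sticky directory (such as /tmp) only the entry's owner or the
    # directory's owner (root here) may rename or delete a root-owned child.
    if [ "$kind" = d ] && [ $((0$mode & 01000)) -ne 0 ]; then
        return 1
    fi
    if [ $((0$mode & 002)) -ne 0 ]; then
        echo "world-writable (mode $mode)"; return 0
    fi
    if [ $((0$mode & 020)) -ne 0 ]; then
        echo "group-writable (mode $mode)"; return 0
    fi
    return 1
}

# audit_root_script PATH
# Checks the script and every ancestor directory, because a writable parent
# lets a user replace the script even when the file itself is locked down.
# Returns 0 if clean, 1 if anything was flagged, 2 on a bad path.
audit_root_script() {
    p=$(readlink -f -- "$1") || return 2
    [ -f "$p" ] || { echo "not a regular file: $1" >&2; return 2; }
    k=f; found=0
    while :; do
        st=$(stat -c '%a %u' -- "$p") || return 2
        if reason=$(entry_risk "${st% *}" "${st#* }" "$k"); then
            echo "RISK $p: $reason"; found=1
        fi
        if [ "$p" = / ]; then break; fi
        p=$(dirname -- "$p"); k=d
    done
    return "$found"
}

# Usage: sh audit.sh /path/to/script-run-as-root
if [ "$#" -gt 0 ]; then audit_root_script "$1"; fi
```

Any RISK line means the script, or a directory above it, should be owned by root and stripped of group and world write permission before it is allowed to run as root.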

— — — — — — — — — — — — — — — — — — — — — — —

That’s all for now,

Until Next Time,

Feel free to ping me anytime:

https://www.linkedin.com/in/user-neeleshpatel/
