For those who are new to CTF challenges and are not aware of this platform, VulnHub is a well-known website for security researchers which provides users with a method to learn and practice their hacking skills through a series of challenges in a safe and legal environment.<\/p>\n
Please Note:<\/strong>\u00a0For all of these machines, I have used Oracle Virtual Box to run the downloaded machine. I will be using Kali Linux as the attacker machine for solving this CTF. The techniques used are solely for educational purposes only, and I am not responsible if the listed techniques are used against any other targets.<\/p>\n After downloading and running this machine in Virtual Box, we started by running the Netdiscover command to obtain the IP Address of the target machine. The command and its output can be seen in the screenshot given below:<\/p>\n Command Used: netdiscover<\/p>\n As shown in the highlighted area in the above screenshot, we have obtained the Virtual Machine IP address, 192.168.1.19 (the target machine IP address). We will be using 192.168.1.11 as the attacker’s IP address.<\/p>\n Please Note:<\/strong>\u00a0The target and the attacker machine IP address may be different depending on the network configuration.<\/p>\n So, as we have the target machine IP, the first step is to find the ports and services that are available on the target machine. An Nmap full port scan is used for this purpose. This is illustrated in the screenshot given below.<\/p>\n Command Used: nmap 192.168.1.19 -p- -Pn -sV<\/p>\n After the completion of the scan, we found two open ports on the target machine. SSH service was available on port 22, and the HTTP server was available on port 3000.<\/p>\n Let\u2019s start with the HTTP port. I quickly opened the target machine IP on the browser. A web application was running through this port which can be seen in the following screenshot.<\/p>\n As you can see, there is a login button on the homepage but no registration page on the application. I opened the login page and tried some default usernames and passwords but could not find any valid credentials. After that, I thought it might be possible that the login page was vulnerable for SQL Injection which could allow me to login, so I tested the login parameters for SQL Injection. Unfortunately, it was not vulnerable.<\/p>\n As I could not find any further entry point from here, I decided to run Dirb on the target machine to find other files\/folders in the application. However, it could not enumerate any information which could be explored further. The Dirb screenshot can be seen in the screenshot given below.<\/p>\n After that, I decided to manually analyze the HTML content of the application for any clue. First, I checked the HTML content of the index page and found some JavaScripts, which can be seen in the following screenshot.<\/p>\n In the highlighted area of the above screenshot, we can see some JavaScripts. Sometimes developers write the internal URL of the application in the JavaScripts for client-side validations and operations, so I checked all the JavaScripts manually and found an internal URL:<\/p>\n In the above screenshot, we can see an internal URL in the \u201chome.js\u201d file. Let\u2019s open this URL in the browser.<\/p>\nThe Walkthrough<\/h2>\n
![\"\"](\"https:\/\/mk0resourcesinfm536w.kinstacdn.com\/wp-content\/uploads\/1-199.png\")
<\/a><\/p>\n![\"\"](\"https:\/\/mk0resourcesinfm536w.kinstacdn.com\/wp-content\/uploads\/2-171.png\")
<\/a><\/p>\n\n
![\"\"](\"https:\/\/mk0resourcesinfm536w.kinstacdn.com\/wp-content\/uploads\/3-135-1.jpg\")
<\/a><\/p>\n![\"\"](\"https:\/\/mk0resourcesinfm536w.kinstacdn.com\/wp-content\/uploads\/4-98.png\")
<\/a><\/p>\n![\"\"](\"https:\/\/mk0resourcesinfm536w.kinstacdn.com\/wp-content\/uploads\/5-86.png\")
<\/a><\/p>\n![\"\"](\"https:\/\/mk0resourcesinfm536w.kinstacdn.com\/wp-content\/uploads\/6-52.png\")
<\/a><\/p>\n
![\"\"](\"https:\/\/mk0resourcesinfm536w.kinstacdn.com\/wp-content\/uploads\/7-49.png\")
<\/a><\/p>\n![\"\"](\"https:\/\/mk0resourcesinfm536w.kinstacdn.com\/wp-content\/uploads\/8-34.jpg\")
<\/a><\/p>\n![\"\"](\"https:\/\/mk0resourcesinfm536w.kinstacdn.com\/wp-content\/uploads\/9-31.png\")
<\/a><\/p>\n![\"\"](\"https:\/\/mk0resourcesinfm536w.kinstacdn.com\/wp-content\/uploads\/10-26.png\")
<\/a><\/p>\n![\"\"](\"https:\/\/mk0resourcesinfm536w.kinstacdn.com\/wp-content\/uploads\/11-24-1.jpg\")
<\/a><\/p>\n![\"\"](\"https:\/\/mk0resourcesinfm536w.kinstacdn.com\/wp-content\/uploads\/12-22.png\")
<\/a><\/p>\n![\"\"](\"https:\/\/mk0resourcesinfm536w.kinstacdn.com\/wp-content\/uploads\/13-18.png\")
<\/a><\/p>\n![\"\"](\"https:\/\/mk0resourcesinfm536w.kinstacdn.com\/wp-content\/uploads\/14-17.png\")
<\/a><\/p>\n![\"\"](\"https:\/\/mk0resourcesinfm536w.kinstacdn.com\/wp-content\/uploads\/15-18.png\")
<\/a><\/p>\n![\"\"](\"https:\/\/mk0resourcesinfm536w.kinstacdn.com\/wp-content\/uploads\/16-16.png\")
<\/a><\/p>\n![\"\"](\"https:\/\/mk0resourcesinfm536w.kinstacdn.com\/wp-content\/uploads\/17-15.png\")
<\/a><\/p>\n![\"\"](\"https:\/\/mk0resourcesinfm536w.kinstacdn.com\/wp-content\/uploads\/18-10.png\")
<\/a><\/p>\n![\"\"](\"https:\/\/mk0resourcesinfm536w.kinstacdn.com\/wp-content\/uploads\/19-10.png\")
<\/a><\/p>\n![\"\"](\"https:\/\/mk0resourcesinfm536w.kinstacdn.com\/wp-content\/uploads\/20-9.png\")
<\/a><\/p>\n![\"\"](\"https:\/\/mk0resourcesinfm536w.kinstacdn.com\/wp-content\/uploads\/21-7.png\")
<\/a><\/p>\n![\"\"](\"https:\/\/mk0resourcesinfm536w.kinstacdn.com\/wp-content\/uploads\/22-8.png\")
<\/a><\/p>\n![\"\"](\"https:\/\/mk0resourcesinfm536w.kinstacdn.com\/wp-content\/uploads\/23-8.png\")
<\/a><\/p>\n![\"\"](\"https:\/\/mk0resourcesinfm536w.kinstacdn.com\/wp-content\/uploads\/24-4.png\")
<\/a><\/p>\n