CyberSploit-CTF Walkthrough

Sarthak joshi
Jul 12, 2020

CyberSploit is a beginner-level VulnHub CTF machine, created for beginners who want to learn something new.

Host discovery with Netdiscover or Nmap

Our target's IP address is 192.168.43.172. Now let's run nmap on it: nmap -sT -p- -vv 192.168.43.172

Here we got two open ports: 22 for SSH and 80 for HTTP. First we will enumerate HTTP, as it's my favourite. We just enter the IP address in the address bar of Firefox.

The web page has the feel of a CTF, so let's start some manual enumeration by looking for robots.txt, readme.txt or other interesting files.

The robots.txt file contains a base64-encoded string, so let's decode it in our terminal. Let me tell you that this machine is focused on a little encoding and decoding using a tool, "CyberChef", but I'm not going to use it; I prefer the manual approach.

Next, web page source enumeration: simply press "Ctrl+U" to view the source code of the page.

And we got something interesting here: the username "itsskv".

After a lot of enumeration and thinking about what to do next, I just used the username "itsskv" and flag1, "Cybersploit{youtube.com/c/cybersploit}", as the SSH credentials.

Bang, we got an SSH shell. Now we read flag2.txt.

It is another encoding, this time binary, so I used the website "https://www.rapidtables.com/convert/number/binary-to-ascii.html" to decode the binary to ASCII.
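Both decoding steps in this walkthrough (the base64 string from robots.txt and the binary text in flag2.txt) can be done locally instead of with a website. The Python helper below is an added example, not part of the original post; the function names and the sample strings are constructed for illustration and are not the machine's actual flags.

```python
import base64
import re
import string

PRINTABLE = set(string.printable)
B64_BODY = re.compile(r"[A-Za-z0-9+/]+")

def _as_text(raw):
    """Return raw bytes as text, or raise if they are not printable ASCII."""
    try:
        text = raw.decode("ascii")
    except UnicodeDecodeError:
        raise ValueError("decoded bytes are not ASCII text") from None
    if not set(text) <= PRINTABLE:
        raise ValueError("decoded bytes are not printable")
    return text

def decode_base64(value):
    """Decode base64, tolerating whitespace and stripped '=' padding."""
    compact = "".join(value.split()).rstrip("=")
    if not B64_BODY.fullmatch(compact):
        raise ValueError("not base64")
    compact += "=" * (-len(compact) % 4)
    # binascii.Error raised here is a ValueError subclass
    return _as_text(base64.b64decode(compact, validate=True))

def decode_binary(value):
    """Decode 8-bit binary (spaced groups or one unbroken run) to ASCII."""
    bits = "".join(value.split())
    if not bits or set(bits) - {"0", "1"} or len(bits) % 8:
        raise ValueError("not whole 8-bit binary groups")
    return _as_text(bytes(int(bits[i:i + 8], 2) for i in range(0, len(bits), 8)))

def peel(value, max_layers=5):
    """Strip nested encodings; return [(encoding, plaintext), ...] outermost first."""
    layers = []
    # Binary is tried first: a string of 0s and 1s is also valid base64 alphabet.
    decoders = (("binary", decode_binary), ("base64", decode_base64))
    for _ in range(max_layers):
        for name, decoder in decoders:
            try:
                value = decoder(value)
            except ValueError:
                continue
            layers.append((name, value))
            break
        else:
            break  # heuristic: nothing decoded to printable text, so stop
    return layers

if __name__ == "__main__":
    print(peel("Y3Rme3NhbXBsZX0="))   # constructed sample, base64
    print(peel("01101111 01101011"))  # constructed sample, binary
```

The printable-ASCII check is what stops `peel` from treating an already decoded word as another base64 layer.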

Now it's time to get root privileges by exploiting the kernel. I just downloaded the exploit, and after compiling it we get root.

Now it's time to read finalflag.txt (the final flag).

Finally we completed this CTF challenge.

Written by Sarthak joshi

Penetration Tester, CTF player, Full time Learner and Part Time Blogger. Twitter :- https://twitter.com/Exploiter_21, Linked :- https://www.linkedin.com/in/sart