This CTF machine was created by Hawks Team.
Part 1: Downloading, Importing and Configuring.
We can download Vegeta from Vulnhub.
After downloading, Double click on the .ova file so that it will automatically goes to the vmware.
Configure the settings as shown below and start the machine.
Part 2: Attacking
In kali, open the terminal and type arp-scan to find the IP address of the vegeta machine.
After finding the IP address, now it’s time for nmap scan to find the open ports.
There are two ports open(ssh and http). When we see a http port is open, that means we can access the website.
There is nothing shown in the webiste other than a image.
There will be hidden directories in any website. so to access those things we need a tool called “gobuster”. In gobuster we’ll add a wordlist path for analyzing the website. Commonly we use common.txt;
/usr/share/wordlists/dirb/common.txt
But here we’ll use “Seclists”. You have to download it by just type it in the terminal and press enter.
After Downloading it, go to the directories shown below.
Lists the contents.
In this vegeta, We need only hidden directories. So we need to only use these shown below.
Command for using these .txt files shown below. Use one by one till you get anything suspicious.
Copy this url’s and paste it in a browser.
I got something by checking this.
This is a Morse code. We need to crack it.
Simply download it and we can crack it online by searching morse code audio decoder
Upload the audio file and select zoom in button for clear decoding of the morse code.
It’s look like a username and a password.
When we scanned the IP address using namp. A ssh port was open.
Let’s see we can login via ssh using this cracked username and passsword
Login successfull!!!
Now let’s lists the files.
Let’s check inside .bash_history
Look’s like someone’s username and password.
Let’s check if this user’s username and password is saved in /etc/passwd.
No, there is no such user.
But we can add that user “Tom” to this /etc/passwd and try to get root privilege.
Copy the username and password from .bash-history and save it to /etc/passwd.
Press “crtl+s” to save and “crtl+x” to exit.
Now, try to switch user to “Tom”.
Type the passoword.
Now we got the root privilege.
Let’s lists the files to find the root flag.
For that go to /root directory.
