Sunset: 1 Vulnhub Walkthrough

Fasalbinsalim
Dec 4, 2023

Sunset, a creation of the skilled author “Whitecr0wz”, is a friendly Capture The Flag (CTF) challenge designed for beginners. The main goal here is to discover flags and gain access to the system’s root. It provides an excellent starting point for those new to cybersecurity, offering an engaging and accessible learning experience.

Download Sunset using the link: https://www.vulnhub.com/entry/sunset-1,339/

First, we use tools like Nmap to scan and understand the network. It helps find out what devices are on a network, what services they’re using, and if there are any open doors (ports).

nmap 10.0.2.13 -A

In the scan output we can see “Anonymous FTP login allowed”, and we can see a backup file. We can log in as anonymous and read the backup file.

On our attacking machine, we first change to the directory where we want to download the file, then connect over FTP:

ftp 10.0.2.13
ls
get backup

We got the backup file. Let's open it with “cat backup”.

Now we have the password hashes, including the one for the sunset user. Create a text file, for example with nano backup1.txt (any name works), and copy the hash into it. With the hash saved, we can call john to crack it using the ‘rockyou.txt’ wordlist.

john -wordlist=/usr/share/wordlists/rockyou.txt backup1.txt

Hurray!!! We have got the login password of the sunset user.

We can now log in through SSH with username: sunset and password: cheer14, which we found using john. Next, we want to escalate our privileges.

The sudo -l command is used to list the allowed and forbidden commands for the invoking user (or the user specified by the -U option) on the current host. It is a useful command to check the permissions of a user.

If the binary is allowed to run as superuser by sudo, it does not drop the elevated privileges and may be used to access the file system, escalate or maintain privileged access.

Next, we’ll examine which programs the user is allowed to run with sudo, and our investigation reveals that “ed” is listed in the sudoers rules. To gain root access, we run ed with sudo and execute the command “!/bin/sh” inside it, which starts a shell with the elevated privileges.

ssh sunset@10.0.2.13
sudo -l
sudo ed
!/bin/sh

Nice!!!!! We got root access, and now we can perform any action with root privileges.
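
From the defender's side, the sudo rule used above can be caught by reviewing sudo -l output for programs that can spawn a shell. The following Python sketch is an added example, not part of the original walkthrough; the sample output is constructed, and the binary list and the function name audit_sudo_rules are assumptions.

```python
import re

# Assumed, illustrative subset of programs with an interactive shell escape;
# "ed" is the one this walkthrough uses. Extend it from your own review.
SHELL_ESCAPE_BINARIES = {"ed", "vi", "vim", "less", "more", "man"}

# Constructed sample of `sudo -l` output (not captured from the Sunset VM).
SAMPLE_SUDO_L = """\
Matching Defaults entries for sunset on sunset:
    env_reset, mail_badpass

User sunset may run the following commands on sunset:
    (root) NOPASSWD: /usr/bin/ed
    (root) NOEXEC: /usr/bin/less /var/log/syslog
    (root) /usr/sbin/reboot
    (ALL : ALL) ALL
"""

RULE = re.compile(r"^\s*\((?P<runas>[^)]*)\)\s*(?P<rest>.+)$")
TAG = re.compile(r"^([A-Z_]+):\s*")


def audit_sudo_rules(sudo_l_output):
    """Return (command, reason) findings for rules that hand out a root shell."""
    findings = []
    for line in sudo_l_output.splitlines():
        m = RULE.match(line)
        if not m:
            continue  # header or Defaults line, not a rule
        rest, tags = m.group("rest"), set()
        while (t := TAG.match(rest)):  # peel off NOPASSWD:, NOEXEC:, ...
            tags.add(t.group(1))
            rest = rest[t.end():]
        for cmd in (c.strip() for c in rest.split(",")):
            if cmd == "ALL":
                findings.append((cmd, "unrestricted sudo"))
                continue
            binary = cmd.split()[0].rsplit("/", 1)[-1]
            if binary in SHELL_ESCAPE_BINARIES and "NOEXEC" not in tags:
                note = "shell escape possible"
                if "NOPASSWD" in tags:
                    note += ", no password required"
                findings.append((cmd, note))
    return findings


if __name__ == "__main__":
    for cmd, reason in audit_sudo_rules(SAMPLE_SUDO_L):
        print(f"[!] {cmd}: {reason}")
```

NOEXEC is a sudoers tag that stops the permitted command from executing further programs; treating a rule that carries it as mitigated is a simplification of this sketch.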
