This walkthrough provides a detailed guide on tackling the Sunset: 1 Capture The Flag (CTF) challenge, emphasizing skills in web exploitation, enumeration, and privilege escalation. Users navigate various tools and commands to identify and exploit vulnerabilities, ultimately achieving root access. Affected: Vulnerable web platforms
Keypoints :
- The Sunset: 1 CTF challenge is designed for skill development in web exploitation and privilege escalation.
- The challenge was created by whitecr0wz and released on July 29, 2019.
- Best results are achieved by using Oracle VirtualBox rather than VMWare Workstation Pro.
- The objectives include enumerating the target machine and exploiting vulnerable services to capture flags.
- Initial steps involve performing ARP and Nmap scans to identify the target’s IP and open ports.
- Anonymous FTP login allows access to files on the target machine.
- Credentials for users are retrieved from a backup file after a successful FTP login.
- John The Ripper is used to crack hashed passwords obtained from the backup file.
- After cracking passwords, SSH is used to log in as the user “sunset”.
- Root access is achieved through specified commands due to a lack of password requirements for those commands.
Full Story: https://infosecwriteups.com/sunset-1-walkthrough-d124d06fcc93?source=rss—-7b722bfd1b8d—4