VulnHub VM write up – Raven: 1 (CTF Challenge)

Hello there! Another beginner/intermediate machine named Raven:1 by William McCann. Download from VulnHub.

Let’s start!

I run nmap ping scan and discover the target at 192,168.43.252

Then I run nmap aggressive scan on the ip.

I find apache server running on port 80. Let’s look at it.

So, just looking around I find a wordpress blog. Looking at the source code of the pages I find the first flag:

Now the blog. I need to add raven.local domain into my hosts file to see the pages. After looking at it I discover the first user michael.

 

I find that the ssh password for user michael is michael and I login into the system

I start looking around and I find the second flag inside /var/www/

I look at wp-config.php inside wordpress blog and I find the password for mysql

Looking inside the DB I find the 3rd flag in the wp_posts table

I look at wp_users table and get the hashes for the passwords of michael and steven

Now I crack these hashes and I find the password pink84

That turns to be steven’s password and now I can login into ssh as steven

Now it looks like steven can sudo the python binary

Now I execute python and start a root shell and read the final flag

There should be another way to get root, but I am happy with this one.

 

Happy Hacking!

Grey 00-wolf

Leave A Comment

Your email address will not be published. Required fields are marked *