Another vulnerable machine walk through!

This VM was made for hackfest 2016 and is listed as very easy. I won’t disagree with how difficult it is rated. It might be that I have done quite a few of these now but this one shared a lot of similarities with Stapler VM from B-Sides London 2016 (Not that this is a bad thing!) and I had this one done in under an hour.

On with the write-up:

Here’s where it lives if you want to play along.

And a direct lift of the description:

Description Welcome to Quaoar This is a vulnerable machine i created for the Hackfest 2016 CTF http://hackfest.ca/ Difficulty : Very Easy Tips: Here are the tools you can research to help you to own this machine. nmap dirb / dirbuster / BurpSmartBuster nikto wpscan hydra Your Brain Coffee Google :) Goals: This machine is intended to be doable by someone who is interested in learning computer security There are 3 flags on this machine 1. Get a shell 2. Get root access 3. There is a post exploitation flag on the box Feedback: This is my first vulnerable machine, please give me feedback on how to improve ! @ViperBlackSkull on Twitter simon.nolet@hotmail.com Special Thanks to madmantm for testing SHA-256 DA39EC5E9A82B33BA2C0CD2B1F5E8831E75759C51B3A136D3CB5D8126E2A4753 You may have issues with VMware

Let’s get started with old faithful, arp-scan for it’s network location.

Followed by the obligatory NMAP, lots of interesting things going on here…