7MS #210: Vulnhub Walkthrough - Mr. Robot
Intro
The following is a semi-spoilerish walkthrough of the Mr. Robot VM from Vulnhub by Jason (couldn't find a link for him! Hrmm....mysterious!).
Write-up
Flag 1:
An NMAP scan will reveal port 80/443 open. Do the "usual suspects" scan of the Web environment - like nikto, dirb, looking at /robots.txt etc. and you will find the first flag as well as a custom dictionary file for later brute-forcing.
Flag 2:
You will need to find some credentials for software installed on the box. The tools to brute-force and crack the creds are all pre-installed with Kali. Armed with those creds, you should be able to upload a shell and execute it for initial visibility into the machine. The low-level account has enough access to discover a hash for an upper-level account, and once you're escalated to that account, you can find key #2.
Flag 3:
This one kicked my butt. I had to use the privesc cheatsheets (like g0tmi1k's) to go through a bunch of the files/folders/binaries with a fine-toothed comb to find a misconfigured something which allowed me to escalate privs and grab flag #3. Hint: if you're really stuck, check out this paper.
Video Walkthrough with Full Spoiler Sauce!
Still stuck? Check out the video walkthrough below, but be warned - it contains all the gory details and spoilers of the above walkthrough, so only watch if you dare...
7 Minute Security #210: Vulnhub Walkthrough of the Mr. Robot VM from Brian J on Vimeo.