7MS #210: Vulnhub Walkthrough - Mr. Robot

Intro

The following is a semi-spoilerish walkthrough of the Mr. Robot VM from Vulnhub by Jason (couldn't find a link for him! Hrmm....mysterious!).

Write-up

Flag 1:

An NMAP scan will reveal port 80/443 open. Do the "usual suspects" scan of the Web environment - like nikto, dirb, looking at /robots.txt etc. and you will find the first flag as well as a custom dictionary file for later brute-forcing.

Flag 2:

You will need to find some credentials for software installed on the box. The tools to brute-force and crack the creds are all pre-installed with Kali. Armed with those creds, you should be able to upload a shell and execute it for initial visibility into the machine. The low-level account has enough access to discover a hash for an upper-level account, and once you're escalated to that account, you can find key #2.

Flag 3:

This one kicked my butt. I had to use the privesc cheatsheets (like g0tmi1k's) to go through a bunch of the files/folders/binaries with a fine-toothed comb to find a misconfigured something which allowed me to escalate privs and grab flag #3. Hint: if you're really stuck, check out this paper.

Video Walkthrough with Full Spoiler Sauce!

Still stuck? Check out the video walkthrough below, but be warned - it contains all the gory details and spoilers of the above walkthrough, so only watch if you dare...

7 Minute Security #210: Vulnhub Walkthrough of the Mr. Robot VM from Brian J on Vimeo.