We demonstrated a simple boot2root CTF walkthrough named, Covfefe, where we performed an initial Nmap scan followed by directory discovery. We found an SSH private key accessible publicly so we used it to gain an initial SSH shell. We exploited a buffer overflow vulnerability in binary we found to elevate privielges to root.


Covfefe is my Debian 9 based B2R VM, originally created as a CTF for SecTalks_BNE. It has three flags.

It is intended for beginners and requires enumeration then [spoiler]!


Open Ports: 22,80 and 31337

Directory Enumeration can be performed using dirbuster on port 31337 to find interesting files.

First flag can be found under /robots.txt

SSH key can be downloaded by visiting /taxes/

You could then use ssh2john with rockyou.txt wordlist to extract the password.

Buffer overflow can be exploited on read_message

Get OSCP Certificate Notes

The Complete Practical Web Application Penetration Testing Course

Video Walkthrough

About the Author

I create cybersecurity notes, digital marketing notes and online courses. I also provide digital marketing consulting including but not limited to SEO, Google & Meta ads and CRM administration.

View Articles