We demonstrated a simple boot2root CTF walkthrough named, Covfefe, where we performed an initial Nmap scan followed by directory discovery. We found an SSH private key accessible publicly so we used it to gain an initial SSH shell. We exploited a buffer overflow vulnerability in binary we found to elevate privielges to root.

Description

Covfefe is my Debian 9 based B2R VM, originally created as a CTF for SecTalks_BNE. It has three flags.

It is intended for beginners and requires enumeration then [spoiler]!

Highlights

Open Ports: 22,80 and 31337

Directory Enumeration can be performed using dirbuster on port 31337 to find interesting files.

First flag can be found under /robots.txt

SSH key can be downloaded by visiting /taxes/

You could then use ssh2john with rockyou.txt wordlist to extract the password.

Buffer overflow can be exploited on read_message

Get OSCP Certificate Notes

The Complete Practical Web Application Penetration Testing Course

Video Walkthrough

Buffer Overflow, CTF Writeup, HTML, Penetration Testing, vulnhub

Show Comments

Motasem

About the Author

I create cybersecurity notes, digital marketing notes and online courses. I also provide digital marketing consulting including but not limited to SEO, Google & Meta ads and CRM administration.

View Articles

From Web Into SSH Shell | Covfefe VulnHub CTF WalkThrough

Leave a Reply Cancel reply

Motasem

About the Author

Other stories

PhpMyAdmin Command Injection | EP1 | Zico2 VulnHub CTF Walkthrough

HTML Forms Injection Explained | EP1 | OWASP Hackademic | Challenge 10

Press ESC to close

From Web Into SSH Shell | Covfefe VulnHub CTF WalkThrough

Leave a Reply Cancel reply

Motasem

About the Author

Share Article:

Other stories

PhpMyAdmin Command Injection | EP1 | Zico2 VulnHub CTF Walkthrough

HTML Forms Injection Explained | EP1 | OWASP Hackademic | Challenge 10