In this guide, we go through the steps needed to solve the Capture The Flag (CTF) challenge known as “Sunset: 1”.
The challenge is downloadable from VulnHub and aims to test both beginner and intermediate players by providing opportunities to improve web exploitation, enumeration, and privilege escalation skills.
It is recommended to use Oracle VirtualBox to avoid any complications that may occur when using other applications.
The first step is to discover the target machine’s IP address using an ARP scan.
Afterwards, we run a scan with Nmap to discover open ports and services.
We find that an anonymous FTP login is allowed and there is a file called “backup”.
We connect to the target machine using FTP and retrieve the “backup” file, which contains user credentials in the form of password hashes.
These hashes are then saved to a text file called “hash.txt” and cracked with John the Ripper to recover the passwords.
One of the hashes belongs to the user “sunset” with the password “cheer14”, which we use to log in via SSH.
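From the defender's side, the chain above (an anonymous FTP download of “backup” followed by an SSH password login as “sunset”) leaves a trace in both service logs. The following is an added example, not part of the original walkthrough; it assumes vsftpd and OpenSSH log formats, which the guide does not name, and runs on constructed log lines and IP addresses.

```python
import re
from datetime import datetime, timedelta

# Constructed sample logs (not taken from the challenge VM). vsftpd and OpenSSH
# log formats are an assumption; the walkthrough does not name the server software.
FTP_LOG = """\
Mon Jul 29 10:02:11 2019 [pid 1234] [ftp] OK LOGIN: Client "192.168.56.101", anon password "?"
Mon Jul 29 10:02:15 2019 [pid 1236] [ftp] OK DOWNLOAD: Client "192.168.56.101", "/backup", 1062 bytes, 12.30Kbyte/sec
Mon Jul 29 11:30:02 2019 [pid 1410] [ftp] OK LOGIN: Client "192.168.56.50", anon password "?"
"""
AUTH_LOG = """\
Jul 29 10:09:40 sunset sshd[1301]: Accepted password for sunset from 192.168.56.101 port 51234 ssh2
Jul 29 12:00:00 sunset sshd[1502]: Accepted password for sunset from 192.168.56.7 port 40022 ssh2
"""

FTP_DL = re.compile(r'^(\w{3} \w{3} +\d+ [\d:]+ \d{4}) \[pid \d+\] \[ftp\] '
                    r'OK DOWNLOAD: Client "([\d.]+)", "([^"]+)"')
SSH_OK = re.compile(r'^(\w{3} +\d+ [\d:]+) \S+ sshd\[\d+\]: '
                    r'Accepted password for (\S+) from ([\d.]+)')

def anonymous_downloads(ftp_log):
    """Yield (time, client_ip, path) for downloads made by the anonymous 'ftp' user."""
    for line in ftp_log.splitlines():
        m = FTP_DL.match(line)
        if m:
            yield datetime.strptime(m.group(1), "%a %b %d %H:%M:%S %Y"), m.group(2), m.group(3)

def correlate(ftp_log, auth_log, window=timedelta(hours=1)):
    """Flag SSH password logins from an IP that pulled a file over anonymous FTP shortly before."""
    downloads = list(anonymous_downloads(ftp_log))
    alerts = []
    for line in auth_log.splitlines():
        m = SSH_OK.match(line)
        if not m:
            continue
        for dl_time, ip, path in downloads:
            # syslog timestamps carry no year, so borrow it from the FTP event
            ssh_time = datetime.strptime(f"{dl_time.year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            if ip == m.group(3) and timedelta(0) <= ssh_time - dl_time <= window:
                alerts.append({"ip": ip, "file": path, "user": m.group(2),
                               "delay_s": int((ssh_time - dl_time).total_seconds())})
    return alerts

if __name__ == "__main__":
    for alert in correlate(FTP_LOG, AUTH_LOG):
        print(alert)
```

The underlying fix is still to disable anonymous FTP access and keep credential backups out of any served directory; the correlation only shows when that exposure has been used.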