Mr Robot 1 – CTF from VulnHub

VulnHub has a new vulnerable VM/CTF based on the famous series Mr. Robot.
You can download the VM from the link below.
https://www.vulnhub.com/entry/mr-robot-1,151/
Personally I’m not a big fan of the Mr. Robot series. Anyway, I have decided to give it a try and will try to put a writeup here. 🙂

Let me tell you how I did it. I copied the target ‘Mr. Robot’ VM to my laptop and imported it into my VM workstation. I was using bridged mode in the VM, so I had to execute netdiscover in order to find the IP of the target.

Here our target is 192.168.0.6.

Let's run a port scan against this IP to find out what services are running on our Mr. Robot VM.

From the Zenmap scan we can see that there are 3 ports on the target machine: 80 and 443 are open, and port 22 seems to be closed. An instance of the Apache web server is running on the target system, using port 80 or 443. Let's see what happens if we access this IP with our browser.

I was able to access the website hosted on the target machine using both HTTP and HTTPS. I prefer to continue using that web page with HTTP only. Let's see what happens.

Well, we have a pretty cool web page here. And these commands seem to be working.
I checked the HTML source. There is a comment that says “You are not alone”. I could not find any other useful info here.

Since it's a web server (Apache), we can do a quick nikto scan, which will give us an overview of the web module and the web server service. It will also help us find possible vulnerabilities in the target machine.
