- The VM needed for this challenge can be downloaded here.
- You’ll need Kali Linux in addition to the target VM.
- The final flag for this machine is in the /root folder and is called flag.txt.
First Steps:
- You will not have the login credentials to the machine.
- We’ll locate this VM using the arp-scan utility within Kali.
- Copy the MAC address from your VM as seen below within the VMware virtual machine settings.

Open a shell as root on Kali:
- We’ll use the arp-scan tool to sweep the entire subnet and report the MAC addresses of the hosts that are currently active.
- Your Kali Linux machine must be on the same subnet as the CTF machine.
- (Be sure your target VM is in Bridged Mode.)
- We’ll pipe the arp-scan results to grep and filter for the MAC address that you identified in the previous step.
arp-scan --localnet | grep -i MAC_ADDRESS_OF_MACHINE
Here are the results of my arp-scan:

Nmap:
nmap -sC -sV IP_ADDRESS_OF_TARGET_VM
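The two steps above (arp-scan, then nmap on the address it returns) can be chained so the IP does not have to be copied by hand. The script below is an added example, not part of the original walkthrough; `find_vm_ip` is a hypothetical helper, and the arp-scan output it parses is constructed sample data.

```shell
# Constructed arp-scan output (sample data, not a real capture). Result rows are
# "IPv4 <tab> MAC <tab> vendor"; header and footer lines must be skipped.
SAMPLE_ARP_OUTPUT='Interface: eth0, type: EN10MB, MAC: 00:0c:29:11:22:33, IPv4: 192.168.56.5
Starting arp-scan 1.9.7 with 256 hosts (https://github.com/royhills/arp-scan)
192.168.56.1	0a:00:27:00:00:0c	(Unknown: locally administered)
192.168.56.101	00:0c:29:ab:cd:ef	VMware, Inc.
192.168.56.102	08:00:27:44:55:66	PCS Systemtechnik GmbH

3 packets received by filter, 0 packets dropped by kernel
Ending arp-scan 1.9.7: 256 hosts scanned in 1.95 seconds (131.28 hosts/sec). 3 responded'

# find_vm_ip MAC   (reads arp-scan output on stdin)
# Prints the IPv4 address of the host whose MAC matches, comparing case-insensitively
# because VMware shows the MAC in upper case while arp-scan prints lower case.
# Exits 1 if no host answered with that MAC.
find_vm_ip() {
    mac=$(printf '%s' "$1" | tr 'A-F' 'a-f')
    awk -v mac="$mac" '
        # Only real result rows begin with a dotted IPv4 address.
        $1 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ && tolower($2) == mac { print $1; found = 1; exit }
        END { exit found ? 0 : 1 }'
}

# Stand-alone run against the constructed sample. On Kali, replace the printf with
# the live scan from the walkthrough:  arp-scan --localnet | find_vm_ip "$MAC"
if target=$(printf '%s\n' "$SAMPLE_ARP_OUTPUT" | find_vm_ip '00:0C:29:AB:CD:EF'); then
    printf 'Target VM is at %s; next step: nmap -sC -sV %s\n' "$target" "$target"
else
    echo 'MAC not found: check that the target is in Bridged Mode on the same subnet as Kali' >&2
fi
```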

Here we have a web server on port 80. Nmap is telling us that the default webpage redirects to http://cms.icsi.vuln.
First, check it out by going to the IP Address of the VM in your Web Browser.
