RED13
- The VM needed for this challenge can be downloaded here.
- You’ll need Kali Linux as well.
- The final flag for this machine is in the /root folder and is called FLAG.txt
First Steps:
- You will not have the login credentials to the machine.
- Before you power it on, go to the machine settings and give the network adapter a custom MAC address.
- This way you will be able to locate it with the arp-scan utility within Kali.
- Don’t use the MAC address I have below. Everyone in the class needs something different.
- Manually randomize the MAC Address you give your machine!

Once you have started the CTF machine, pull up a root shell on Kali and do the following:
- Use the *arp-scan* utility to scan the entire subnet and report back on MAC addresses that are present.
- Your Kali Linux machine must be on the same subnet as the CTF machine.
- Use grep to filter for the MAC address that you gave the CTF Machine.
- NOTE: I only grep for the OUI of the MAC address. You should grep for the entire MAC Address!
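The lookup described above, as an added example that is not part of the original handout: it matches the complete MAC address in the MAC column rather than grepping for an OUI, which several VMs on the same hypervisor can share. The scan output, IP addresses, MAC addresses and function names are constructed for illustration.

```shell
#!/usr/bin/env bash
# Constructed stand-in for `arp-scan --localnet` output (tab-separated IP, MAC, vendor).
sample_scan() {
  printf 'Interface: eth0, type: EN10MB, MAC: 08:00:27:aa:bb:cc, IPv4: 192.168.56.5\n'
  printf '%s\t%s\t%s\n' \
    192.168.56.101 00:0c:29:3e:51:a7 'VMware, Inc.' \
    192.168.56.102 00:0c:29:b4:9d:12 'VMware, Inc.' \
    192.168.56.103 00:0c:29:b4:9d:1f 'VMware, Inc.'
  printf '\n3 packets received by filter, 0 packets dropped by kernel\n'
}

# Lower-case the hex digits and turn dash separators into colons.
normalize_mac() {
  printf '%s' "$1" | tr 'ABCDEF-' 'abcdef:'
}

# How many scan lines a loose pattern (such as a bare OUI) matches.
count_matches() {
  grep -ciF -- "$1"
}

# Print the IP whose MAC column equals the given full MAC exactly.
find_ip_by_mac() {
  local mac
  mac=$(normalize_mac "$1")
  if ! printf '%s\n' "$mac" | grep -Eq '^([0-9a-f]{2}:){5}[0-9a-f]{2}$'; then
    echo "need a full 6-octet MAC, got: $1" >&2
    return 2
  fi
  awk -F'\t' -v mac="$mac" 'tolower($2) == mac { print $1 }'
}

# Demo on the constructed data; on Kali, pipe the real scan in instead:
#   arp-scan --localnet | find_ip_by_mac 'YOUR:FULL:MAC'
sample_scan | find_ip_by_mac '00-0C-29-B4-9D-12'
```

In the constructed data the OUI 00:0c:29 matches three hosts, while the full MAC resolves to exactly one IP address.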
NMAP Results
nmap -sC -sV IP_ADDRESS_OF_CONTAINER

Open it up in a web browser:

We’re met with a redirect (Status Code: 301) to http://escape.icsi.vuln, which cannot be resolved to an IP address.
The TLD (Top Level Domain) here (.vuln) is not one that we would expect to find within the 13 global Root DNS servers. It’s not a .com, .org, .net, etc. It’s a local domain, so we can try adding it to the /etc/hosts file.
pico /etc/hosts
