Intro:
Vulnhub is an online platform that provides a variety of virtual machines designed to test and enhance your security skills. One of the most popular challenges on this platform is the Mr. Robot challenge.
Inspired by the television series of the same name, the Mr. Robot challenge is a virtual machine that presents a series of hacking challenges with varying degrees of difficulty. This challenge has become a favourite among cybersecurity enthusiasts due to its well-constructed and realistic environment, which simulates real-world hacking scenarios.
Participants can test their skills in a safe and controlled environment while learning new techniques and strategies. In this challenge, participants are required to discover hidden flags, solve puzzles, and exploit vulnerabilities to gain access to sensitive information. The Mr. Robot challenge is an excellent way to improve your skills and learn more about cybersecurity.
Tools being used in part 1: Nmap, Wget and Cat
Setting up your test environment:
Your need a platform to test on, for this purpose I'm using Oracle Virtual Box, I'll presume you have some basic IT skills so once you have Virtual box installed follow these steps:
Download and import the Mr Robot vulnerable machine from:
Download and import Kali Linux virtual machine from:
Network Isolation
"Mr Robot" is vulnerable so we need to setup an isolated network so we're safe.
On each from the previous steps head over to settings in VirtualBox, network and set an internal network as "hacklab" as an example, they both have to have the same name to create a secure test isolated network.
The next step is to create a DHCP server to give them an IP address automatically when they boot up, to do this:
Open Command Prompt on your PC and type:
cd c:\program files\Oracle\VirtualBox
vboxmanage dhcpserver add --network=hacklab --server-ip=10.38.1.1 --lower-ip=10.38.1.110 --upper-ip=10.38.1.120 --netmask=255.255.255.0 --enable
Now you can check the config by typing:
vboxmanage list dhcpservers
Time to power up the Virtual Machines
Now the networking is setup and confirmed, power up both Kali and Mr Robot VMs.
In Kali open up terminal and run ifconfig which will give you an ip address of 10.38.1.110
Then run a basic NMAP command to see what machines are in the /24 subnet (255.255.255.0) on 10.38.1.110
nmap 10.38.1.110/24
As you can see Nmap has picked up 10.38.1.111 which is our vulnerable VM!
Now we know the IP address of the Mr Robot VM as 10.38.1.111 and an idea of the open ports we can delve a little further into this machine and get the first of the 3 flags!
The VM is running a webserver on insecure port 80, so lets put the IP address into a browser windows on the Kali VM.
http://10.38.1.111/
After an impressive boot up screen you are presented with the below login:
For a bit of fun type in some of the commands listed above, this is quite impressive and good to play around with.
Back to business, working with Nmap lets do a vulnerability scan on port 80 and find out some more information.
nmap 10.38.1.111 -p80 --script vuln
We have found a WordPress site and the wp-login.php.
Also a notable listing is the "robots.txt" file.
Let's have a look at this robots.txt file by putting this in the browser:
http://10.38.1.111/robots.txt
Then enter the key text into your browser and we have the first key
http://10.38.1.111/key-1-of-3.txt
Congrats!
The other file is "fsocity.dic" which is a dictionary file and will come in useful in stage 2.
We can download this in preparation using the wget command:
wget 10.38.1.111/fsocity.dic
Once downloaded you can view the file using:
cat fsocity.dicThis concludes part 1, where we have completed the following:
Setup a pentesting network with a dhcp range, and isolated the environment
Scanned the network for the vulnerable machine
Used Nmap to check open ports and scan for vulnerabilities
Accessed the key via robots.txt and downloaded a dictionary file using wget
The next stage is gaining access to the WordPress site by using the downloaded fsocity.dic dictionary file, then once we are logged in we will create a reverse shell to get more control into the server and find the second key.
For part 2 click here and also subscribe for more content!