Ctf

Note: this was converted from LaTeX to Markdown using ChatGPT 4.1. The original PDF can be found here along with the bibliography. Ethical hacking of a CTF-VM Laboratory protocol Exercise 7: Ethical hacking of a CTF-VM Figure: Grouplogo Subject: ITSI Class: 3AHITN Name: Stefan Fürst, Justin Tremurici Group Name/Number: todo/12 Supervisor: SPAC, ZIVK Exercise dates: 17-19.1.2025 Submission date: 20.1.2025 Table of Contents Task definition Summary Complete network topology of the exercise Exercise Execution Setting up the virtual machines Reconnaissance: Scanning the Network Reconnaissance: Exploring the websites Weaponization: Evaluating the needed tools Exploitation: Using Hydra to break HTTP basic authentication Exploitation: Using Hydra to brute force SSH login Exploring the system Listing all the files Investigating the listening service Investigating the process flag Further investigating the webserver Investigating secret_flag.txt Exploring the new user Finding the history flag It should be over now, right? Privilege escalation on Linux Using a smart enumeration tool Trying a kernel level exploit Trying to get privileges using Metasploit and Meterpreter Getting root access through editing the GRUB boot options Obtaining the final flag References Task definition This task is based on a Capture the Flag (CTF) challenge, where multiple flags are hidden across an environment and can be found either through exploits or by navigating the system. Two virtual machines are provided: an Ubuntu server, which hosts the flags, and a Kali Linux machine for offensive actions. Both machines operate in a Host-only network, meaning they can communicate with each other but not with the external internet or other devices. ...