GK

VulnHub Mr Robot Hacking Walkthrough 1

Updated: Apr 22, 2023

Intro:

Vulnhub is an online platform that provides a variety of virtual machines designed to test and enhance your security skills. One of the most popular challenges on this platform is the Mr. Robot challenge.


Inspired by the television series of the same name, the Mr. Robot challenge is a virtual machine that presents a series of hacking challenges with varying degrees of difficulty. This challenge has become a favourite among cybersecurity enthusiasts due to its well-constructed and realistic environment, which simulates real-world hacking scenarios.


Participants can test their skills in a safe and controlled environment while learning new techniques and strategies. In this challenge, participants are required to discover hidden flags, solve puzzles, and exploit vulnerabilities to gain access to sensitive information. The Mr. Robot challenge is an excellent way to improve your skills and learn more about cybersecurity.


Tools being used in part 1: Nmap, Wget and Cat

Setting up your test environment:

You need a platform to test on; for this purpose I'm using Oracle VirtualBox. I'll presume you have some basic IT skills, so once you have VirtualBox installed follow these steps:


  • Download and import the Mr Robot vulnerable machine from:


  • Download and import Kali Linux virtual machine from:



Network Isolation

"Mr Robot" is vulnerable, so we need to set up an isolated network to stay safe.


On each of the VMs from the previous steps, head over to Settings, then Network, in VirtualBox and set the adapter to an internal network named "hacklab" (as an example). Both VMs have to use the same network name so that they share one isolated test network.


The next step is to create a DHCP server to give them an IP address automatically when they boot up. To do this:


Open Command Prompt on your PC and type:

cd c:\program files\Oracle\VirtualBox

vboxmanage dhcpserver add --network=hacklab --server-ip=10.38.1.1 --lower-ip=10.38.1.110 --upper-ip=10.38.1.120 --netmask=255.255.255.0 --enable

Now you can check the config by typing:


vboxmanage list dhcpservers 
 

Time to power up the Virtual Machines


Now that the networking is set up and confirmed, power up both the Kali and Mr Robot VMs.


In Kali, open a terminal and run ifconfig, which will give you an IP address of 10.38.1.110.



Then run a basic Nmap command to see what machines are in the /24 subnet (255.255.255.0) that 10.38.1.110 belongs to:

nmap 10.38.1.110/24

As you can see, Nmap has picked up 10.38.1.111, which is our vulnerable VM!




Now that we know the IP address of the Mr Robot VM is 10.38.1.111 and have an idea of the open ports, we can delve a little further into this machine and get the first of the 3 flags!


The VM is running a web server on port 80 (unencrypted HTTP), so let's put the IP address into a browser window on the Kali VM.

http://10.38.1.111/

After an impressive boot-up screen you are presented with the below login:


For a bit of fun, type in some of the commands listed above; this is quite impressive and good to play around with.

Back to business: working with Nmap, let's do a vulnerability scan on port 80 and find out some more information.

nmap 10.38.1.111 -p80 --script vuln

The scan has found a WordPress site and its wp-login.php login page.


Another notable listing is the "robots.txt" file.


Let's have a look at this robots.txt file by putting this in the browser:


http://10.38.1.111/robots.txt





Then enter the key file name listed in robots.txt into your browser and we have the first key:


http://10.38.1.111/key-1-of-3.txt


Congrats!



The other file is "fsocity.dic", which is a dictionary file and will come in useful in stage 2.

We can download this in preparation using the wget command:

wget 10.38.1.111/fsocity.dic

Once downloaded you can view the file using:

cat fsocity.dic
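Seen from the site owner's side, the finding above is that robots.txt is readable by anyone, so every file it names is disclosed. The following is an added example (not part of the original walkthrough) of a check you could run on your own robots.txt; the function name `audit_robots`, the extension list and the sample text are assumptions made for this example.

```python
import posixpath

# Extensions that usually mean data, backups or secrets rather than pages.
# Assumed list for this example; tune it for your own site.
RISKY_EXT = {".txt", ".dic", ".bak", ".old", ".sql", ".zip", ".gz",
             ".log", ".conf", ".key", ".pem"}
PATH_FIELDS = {"disallow", "allow"}
OTHER_FIELDS = {"user-agent", "sitemap", "crawl-delay", "host"}


def audit_robots(text):
    """Return (line_no, path, reason) for every entry that names a risky file."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments
        if not line:
            continue
        field, sep, value = line.partition(":")
        field = field.strip().lower()
        if sep and field in OTHER_FIELDS:
            continue  # these fields carry no path rule
        if sep and field in PATH_FIELDS:
            path, reason = value.strip(), field + " rule names a file"
        else:
            # Bare line outside any directive: crawlers ignore it, people read it.
            path, reason = line, "bare entry outside any directive"
        name = posixpath.basename(path.split("?", 1)[0])
        ext = posixpath.splitext(name)[1].lower()
        if ext in RISKY_EXT:
            findings.append((no, path, reason))
    return findings


# Constructed sample: the two file names are the ones this walkthrough finds,
# every other line is made up for the example.
SAMPLE = """\
User-agent: *
Disallow: /wp-admin/
Disallow: /backup/site.sql   # made-up entry
fsocity.dic
key-1-of-3.txt
Sitemap: http://lab.example/sitemap.xml
"""

if __name__ == "__main__":
    for no, path, reason in audit_robots(SAMPLE):
        print(f"line {no}: {path} ({reason})")
```

Directory rules such as /wp-admin/ are not reported; anything the check does report should be moved out of the web root or put behind authentication rather than merely hidden from crawlers.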


This concludes part 1, where we have completed the following:

  • Set up a pentesting network with a DHCP range, and isolated the environment

  • Scanned the network for the vulnerable machine

  • Used Nmap to check open ports and scan for vulnerabilities

  • Accessed the key via robots.txt and downloaded a dictionary file using wget

 

The next stage is gaining access to the WordPress site by using the downloaded fsocity.dic dictionary file. Once we are logged in, we will create a reverse shell to get more control over the server and find the second key.


