Member-only story
BlackRose: 1 Walkthrough (Vulnhub)
Description From My-Side
This machine helps me a lot to gain new Knowledge as it has an amazing loophole to pass through. If you are a newbie it will take you around 4–5 hr to solve this with deep and better understanding and if you are a pro you are good to go🧐. Credit for this machine goes to BadLamer. Download it from https://www.vulnhub.com/entry/blackrose-1,509/
Knowledge you will gain
- strcmp() bypass
- bcrypt analysis/generation
- Gaining reverse shell
- Reverse binary with Ghidra
- steganography
Network Scanning
Fire up your terminal and start searching for the victim. I have used netdiscover for this but you can use your own tool.
So our target is 192.168.1.21
Port Scanning
Let’s find out different services running on the ports using Nmap which will provide us the path to compromise the victim.
Web Reconnaissance
As you can see the port 80 is open so let’s visit the web page and try to see what we could find out there.
First, I downloaded the background image to see if there is anything or not, and guess what extracting through steghide requires a password which means we have to grab it.
I then ran a directory scan to check if there is any hidden directory or not.
Nothing useful until now, we got nothing then I started the burp suite to see what is going behind when we submit…
