Sunset:1 Walkthrough — Vulnhub

Hi everyone, thank you for taking time out of your day to read this walkthrough. This is another vulnhub machine I have done and would like to share my experience with it. It is called Sunset: 1 and I enjoyed it because sometimes it left me wondering but not a hard machine to solve.

First we go and find the proper ip address belonging to this machine. With a simple command we can find it and we can continue on the next steps:

Sudo netdiscover –r 10.0.2.0/16

We can see the appropriate IP address is the 10.0.2.24. My next step is always going over nmap and seeing what open ports does this machine have. Using the following command will give me enough information on what to do next:

Nmap –A –T4 –p- 10.0.2.24

So, from this result I can see the ports opened are FTP and SSH. So there is no HTTP ports or MYSQL ports. So I was researching what tools I can use for a bit of testing for FTP, even though I see Anonymous login is enabled, I still like to do more tests.

So the Anonymous login has a folder or file named backup which I would certainly be interested in seeing what’s inside.

I decided to download everything inside and save it locally for further inspection with the following command:

Wget –m ftp://anonymous:anonymous@10.0.2.24

I see the file backup has been downloaded, so being curious I ran the command cat to see what’s inside. You did not expect the cat command right? :D

So this is where I wasted quite a lot of time, as I tried different ways to crack the hashes, but when I decided to go through each one, I saw the sunset user was the proper for this job.

The password has been found to be cheer14. Tried this on FTP but even from previous results, there are no other accounts on FTP, but that doesn’t mean it won’t work on SSH.

Bingo! Found the user flag. Lets continue on our journey!

Now, it’s a good practice to see what commands a user can run by running the command:

Sudo –l

Now we run the command provided that does not require a password, and following the command:

! /bin/sh

Which means we are root! Then its simply navigating to the root and see we found the flag needed for this box.

I enjoyed this box, as I needed to polish my Linux commands and this has been quite a nice refresher. I really recommend this box. Thank you for your time and wish you a wonderful day!