VulnCMS:1 is an easy level, Mr. Robot themed boot2root CTF challenge where you have to enumerate the box , find the CMS version, and exploit in order to gain access.

Let’s start with finding the IP of the victim.


VulnHub — Hacksudo:ProximaCentauri is a medium level boot2root challenge where you have to enumerate the machine thoroughly and exploit a CMS vulnerability in order to gain access.

Let’s start with finding the IP of the machine.


VulnHub Momentum 2 is a medium level boot2root CTF challenge, where you have to perform some code reviews very thoroughly and exploit an unrestricted file upload vulnerability in order to gain access.

Let’s begin with finding the IP of the VM. I used Nmap for this purpose.


VulnHub Crossroads:1 is an easy level boot2root CTF challenge where you have to exploit SMB and obtain user and root flags.

Let us begin with finding the IP of the VM.


VulnHub Blogger is an easy level boot2root CTF challenge where you have to penetrate a WordPress blog website and hack your way in Mr. Robot Style:) Let’s get into business.

First of all, I used Nmap to find the IP of the VM as follows.


VulnHub BlueMoon (https://www.vulnhub.com/entry/bluemoon-2021,679/) is an easy level boot2root CTF challenge, where you have to grab 3 flags on your way towards root. Let us begin with finding the IP of the box.

Nmap was used to find the IP of the BlueMoon VM as follows.


Why Reverse Engineer Malware?

Reverse Engineering is used by security professionals for static malware analysis in order to extract useful information of the malware when creating it, such as metadata , embedded resources , encryption keys , headers etc. …


This article is based on exploiting a simple buffer overflow in Windows using Vulnserver. If you don’t have an idea about buffer overflows, read my previous article about exploiting a Linux buffer overflow here, https://ravi5hanka.medium.com/privilege-escalation-in-linux-via-a-local-buffer-overflow-dcee4f9b4a49

Tools and OSs Used


VulnHub FristiLeaks(https://www.vulnhub.com/entry/fristileaks-13,133/) is a boot2root CTF challenge where you have to exploit an unrestricted file upload vulnerability, and put your efforts on some sort of decoding skills on the way towards obtaining the root flag.

After downloading the vm from vulnhub, ensure that the network is set to bridged mode…


Spectra is a BOOT2ROOT CTF challenge which checks your skills on exploiting user mistakes , WordPress exploitation and basic privilege escalation.

First of all, fire-up your pentesting machine and connect to HackTheBox network via openvpn. Let us begin with the traditional nmap scan.

Ravishanka Silva

Cybersecurity enthusiast | Undergraduate | CTF player | Writer 💻😎

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store