Try to get the two flags! Root the machine and prove your understanding of the fundamentals! This is a virtual machine meant for beginners. Acquiring both flags will require some basic knowledge of Linux and privilege escalation methods.
————-
We are going to start by enumerating the machine using Nmap to search for any open ports/services
Looks like we have 4 ports open
21 — ftp
22 — ssh
139 — SMB
445 — SMB
I have a hunch this is exploitable by Eternal Blue but we shall see!
Next it would like us to locate a share on this machine. Using our same nmap scan (with the -sC for scripts), we get the following
From here I am going to FTP in since it appears to allow anonymous connections
We find a file with the following script
It appears to be some kind of script that is cleaning something up. Assuming this is run with a cronjob (scheduled task for Linux).
This is still something that I am currently learning. So going to check into a few external resources for this one. But the concept of it is to basically set our shell to run trigger when this cronjob runs.