Vulnhub Walkthrough : Matrix-Breakout: 2 Morpheus

Vulnhub walkthrough : Matrix-Breakout: 2 Morpheus : VulnHub is a popular online platform that provides virtual machines (VMs) for cybersecurity enthusiasts, penetration testers, and anyone interested in learning about ethical hacking and cybersecurity. The platform offers a wide variety of intentionally vulnerable VMs that users can download and run on their own virtualization software, such as VirtualBox or VMware.

In the realm of cybersecurity, ethical hacking, or penetration testing, plays a pivotal role in safeguarding digital systems from malicious attacks. Aspiring ethical hackers need a platform to hone their skills and understand the vulnerabilities that malicious hackers exploit. VulnHub, a virtual machine (VM) platform, has emerged as an essential resource for cybersecurity enthusiasts. In this article, we will explore VulnHub’s significance in learning hacking and the key reasons why it is invaluable for ethical hackers.

What is VulnHub?

VulnHub is a repository of intentionally vulnerable virtual machines, designed to replicate real-world scenarios where cybersecurity vulnerabilities exist. These VMs encompass a wide range of challenges, from basic to highly complex, allowing users to practice and improve their hacking skills in a controlled and legal environment.

The Importance of VulnHub in Learning Hacking:

1. Realistic Hands-On Experience: VulnHub provides a platform for aspiring ethical hackers to gain practical, hands-on experience. Unlike theoretical learning, real-world scenarios with vulnerable VMs offer invaluable insights into actual cyber threats and vulnerabilities.
2. Safe Learning Environment: Ethical hacking involves experimenting with security vulnerabilities, which can be illegal and harmful if performed on real systems without permission. VulnHub offers a controlled and legal environment where users can test their skills without repercussions.
3. Varied Challenge Levels: VulnHub VMs cater to all levels of expertise, from beginners to advanced hackers. Users can choose VMs based on their skill level and progressively challenge themselves as they improve.
4. Diverse Skill Set Development: The platform covers a broad spectrum of cybersecurity concepts, including web application security, network penetration testing, privilege escalation, and more. This diversity helps individuals develop a well-rounded skill set.
5. Community and Support: VulnHub has a thriving online community where users can seek help, share their experiences, and collaborate on solving challenges. The community aspect fosters learning and knowledge sharing.
6. Preparation for Certifications: Many cybersecurity certifications, such as Certified Ethical Hacker (CEH) and Offensive Security Certified Professional (OSCP), require hands-on practical skills. VulnHub is an excellent resource for preparing for these exams.
7. Career Advancement: Ethical hacking is a sought-after skill in the cybersecurity industry. Experience gained on VulnHub can be a valuable asset when seeking cybersecurity job opportunities or freelance work as a penetration tester.

Getting Started with VulnHub:

1. Set Up a Virtualization Platform: Install a virtualization platform like VirtualBox or VMware Workstation Player on your computer.
2. Download VMs: Browse the VulnHub website and select VMs that match your skill level and interests.
3. Import VMs: Load the downloaded VMs into your virtualization software.
4. Begin Hacking: Start the VM, and the hacking challenges begin. Try to identify vulnerabilities, exploit them, and gain root or administrator access.
5. Document and Learn: Keep detailed notes of your exploits and solutions. Learning from your experiences is key to becoming a proficient ethical hacker.

Conclusion:

VulnHub is not just a platform for hackers; it’s a training ground for ethical hackers committed to safeguarding digital assets and information. It offers a risk-free environment to practice and refine skills while gaining insight into the constantly evolving world of cybersecurity. Whether you’re a beginner or an experienced professional, VulnHub is an essential resource on your journey to becoming a skilled ethical hacker. It fosters a community of learners and problem solvers, contributing significantly to the ever-growing field of cybersecurity.

Matrix-breakout : 2 breakout morpheus

In the world of cybersecurity, challenges and competitions serve as vital training grounds for professionals to sharpen their skills and keep pace with the ever-evolving threat landscape. One such captivating challenge is “Matrix-Breakout: 2 Morpheus.” This article explores what Matrix-Breakout is, its significance in the cybersecurity community, and the intriguing aspects that make it a must-try for ethical hackers and enthusiasts.

Matrix-Breakout: 2 Morpheus – An Overview:

Matrix-Breakout: 2 Morpheus is a capture the flag (CTF) challenge designed to simulate real-world cybersecurity scenarios. It is hosted on platforms like VulnHub and TryHackMe, making it easily accessible to cybersecurity enthusiasts of varying skill levels. The challenge is inspired by the iconic movie “The Matrix,” and it invites participants to step into the shoes of Morpheus, the rebel leader, as they navigate a digital world filled with puzzles, vulnerabilities, and secrets to uncover.

Key Aspects of Matrix-Breakout: 2 Morpheus:

1. Scenario-Based Learning: Matrix-Breakout is scenario-driven, immersing participants in a narrative that involves hacking into the Matrix, the simulated world of computer systems. This narrative-driven approach not only makes the challenge engaging but also enhances learning by providing context.
2. Multiple Levels of Difficulty: The challenge offers multiple levels, from beginner to advanced. Each level presents a unique set of puzzles and vulnerabilities to exploit. Participants can choose their starting point based on their skill level and progress at their own pace.
3. Enumeration and Exploitation: Participants are required to perform enumeration, which involves scanning for open ports, services, and vulnerabilities on target systems. Once vulnerabilities are identified, ethical hackers must exploit them to gain access.
4. Variety of Skills: Matrix-Breakout tests a wide range of cybersecurity skills, including web application security, network penetration testing, privilege escalation, and cryptographic challenges. This diversity ensures that participants develop a well-rounded skill set.
5. Realistic Challenges: The challenges are designed to mimic real-world scenarios, ensuring that participants are exposed to practical cybersecurity issues they might encounter in their professional careers.
6. Community and Support: Matrix-Breakout has an active and supportive community of participants who share hints, strategies, and solutions. Collaboration and knowledge sharing are encouraged, making the challenge accessible to a wide audience.

Why Matrix-Breakout: 2 Morpheus Matters:

1. Skill Enhancement: Matrix-Breakout provides an opportunity to practice and refine cybersecurity skills in a controlled and legal environment. Participants can experiment with vulnerabilities without the risk of breaking the law.
2. Career Advancement: Completing Matrix-Breakout challenges and similar CTFs can bolster one’s resume and demonstrate practical skills to potential employers. Many organizations value hands-on experience when hiring cybersecurity professionals.
3. Community Engagement: The challenge fosters a sense of community among cybersecurity enthusiasts, promoting collaboration and knowledge exchange. Participants can learn from each other’s experiences and discoveries.
4. Entertainment and Learning: Beyond its educational value, Matrix-Breakout offers an entertaining and immersive experience inspired by a popular movie franchise.

Matrix-Breakout: 2 Morpheus is not just a cybersecurity challenge; it’s a gateway to an exciting world of ethical hacking, skill development, and community engagement. Aspiring ethical hackers and cybersecurity enthusiasts can embark on a journey that not only tests their abilities but also provides a deeper understanding of the intricacies of securing digital systems. Whether you’re a beginner looking to learn or an experienced professional seeking a challenge, Matrix-Breakout offers an engaging and rewarding experience that mirrors the ever-evolving cybersecurity landscape. So, are you ready to break free from the digital Matrix and explore the world of ethical hacking?

so let’s get onto the pilot sit and get in to the world of ctf to conquer morpheus….

environmental information

Target aircraft: 192.168.124.153
Attack aircraft: 192.168.124.129

Targeting Process

NMap

It is found that ports 22, 80, and
81 are open to access port 80.

The website has a character Trinity in The Matrix. Let us investigate the computer and prompt us that cypher has locked us out of ssh.
Access port 81

directory scan

Scan a directory first, use as many tools as possible to scan, and change a few dictionaries

I found a php file.
Visit graffiti.php, and try to enter information to submit.

Also read : Hack The Box (HTB) Academy : Socket HTB walkthrough

I found that the input content will be displayed on this page.
Visit the graffiti.txt file, and found that the input information has also been written into the graffiti.txt file.

write reverse shell

Since there is a write operation here, grab a package to see

where you can specify the file to be written, then write directly to a rebound shell ~

Successfully write the rebound shell
nc monitor, access the shell and successfully rebound

Found a FLAG.txt in the root directory

Found prompt pictures and .htpasswd password files

Prompted to find the password of cypher, and also prompted that there is a hidden picture cypher-neo.png on port 80. There is

also a picture trinity.jpeg in the website directory. Check
the information of these two pictures, but no bundled files are found

After searching in the target machine, I found the .htpasswd hidden file, ignorance-bliss.png, and index.html files in the /var/nginx/html/ directory. View the content of index.html. I mentioned “ignorance is bliss”, which made me feel that it might be related to ignorance-bliss.png,

Also read : Hack The Box Academy Walkthrough – Interface

but

did not find anything…

Blow password

Check the .htpasswd file and find the encrypted password of cypher.

Since you said you want to get the password of cypher, try to blast it with john and hashcat, but you can’t get any results. It may also be a dictionary problem.

Try system vulnerability escalation

Uploaded linpeas.sh to check the system vulnerability

and found many loopholes.

Here, tryCVE-2022-0847 (Dirty-pipe)

to successfully escalate to root
and found FLAG.txt in the root home directory

Replenish

I feel that this target machine should have other ideas. After all, it was prompted to find the password of cypher.

From the prompt of FLAG.txt in the cypher home directory, we can see that this target machine should let us get the cypher password to log in first, and then let us escalate to root.

Summarize

1. Directory scanning: Use several scanning tools, such as dirb, gobuster, dirsearch, etc.
2. Write to shell: Here is the write operation of a page found, and write it into the rebound shell by capturing packets
3. Password blasting: The encrypted password in the .

Vulnhub walkthrough : Matrix-Breakout: 2 Morpheus