Vulnhub Raven 1 Walkthrough
By R3a50n

Intro: Raven 1 is listed as a beginner/intermediate CTF box on Vulnhub. I would classify it more as beginner but it always depends on the attacker’s skill set. I would recommend running it in VMware because of the trouble I had trying to get it running with VirtualBox. Quick warning about the.

Dina 1.0.1 Walkthrough (VulnHub) by gr0mb1e. Published by Touhid Shaikh on December 20, 2017. Original Author.
Source: I’m a sucker for a challenge (this one advertises itself as medium-high difficulty) and a good theme. As per the vulnhub.com instructions for this CTF there are:
- 1 flag for each of the 7 kingdoms
- 3 secret flags
- 1 final battle flag (root?)

So let’s get started.

Initial nmap scan to confirm target’s IP:

nmap 192.168.111.0/24 -sP

Now for the OS/Service discovery on all ports (I like doing this longer thorough scan initially now because it gives me an excuse to take a coffee break):

nmap 192.168.111.100 -O -sV -p- -T4

From this initial scan we have a lot of different directions to go. There are 3 instances of web servers running alone!

Let’s start with the most obvious (port 80):

A simple page with the symbols of all seven kingdoms and the GoT theme music playing in the background. But when we look at the source we get some instructions:

Goal:
- Get the 7 kingdom flags and the 4 extra content flags (3 secret flags + final battle flag). There are 11 in total.

Rules/guidelines to play:
- Start your conquer of the seven kingdoms
- You'll need hacking skills, no Game of Thrones knowledge is required. But if you play, it may contains spoilers of the TV series
- Difficulty of the CTF: Medium-High
- This is the start point, the base camp
- You must travel to westeros. First stop: Dorne. Last stop: King's Landing
- Don't forget to take your map (try to find it). It will guide you about the natural flag order to follow over the kingdoms
- Listen CAREFULLY to the hints. If you are stuck, read the hints again!
- Powerful fail2ban spells were cast everywhere. Bruteforce is not an option for this CTF (2 minutes ban penalty)
- The flags are 32 chars strings. You'll need them

Good luck, the old gods and the new will protect you!
The game already started!! A couple of hints as a present.

'Everything can be TAGGED in this world, even the magic or the music' - Bronn of the Blackwater

'To enter in Dorne you'll need to be a kind face' - Ellaria Sand

Instead of loading the main picture via HTML, CSS + JS script is called so let’s take a look at both of those as well (/js/gameofthrones.js, cs):

Here we find 3 additional hints:

“You’ll never enter into King’s Landing through the main gates. The queen ordered to close them permanently until the end of the war” – Tywin Lannister

“If you put a city under siege, after five attacks you’ll be banned two minutes” – Aegon the Conqueror and His Conquest of Westeros Book

“Music reaches where words can’t. It’s known even for the animals” – Catelyn Stark

That last hint gives me an idea and I download both the MP3 and WAV file that are referenced on the page for the background music. Using strings on both I wasn’t able to find anything decipherable with the WAV file, but I did find this right at the end of the MP3:

So that’s 1/3 secret flags acquired!
LOAD DATA INFILE 'data.txt' INTO TABLE db2.mytable;

Now “ironthrone” is the only table that exists now and we know it displays out to the screen fine so let’s try loading /etc/mysql/flag into it.

That didn’t seem to work, and I didn’t get any sort of error message back.