Vulnhub whowantstobeking1 Walkthrough. (Difficulty : Easy)
Hello, this is my first article. I’m going to be solving whowantstobeking1 on vulnhub by Bjorn. I’m aware that there have been similar walkthrough posted before, however, I am going forward with this for self growth and it’ll be an icing on the cake if this helps even one aspiring cybersecurity analyst.
You can download whowantstobeking from the link below :
We are looking at the home screen/login screen when we boot the whowantstobeking machine. However, I’d recommend not to open the machine after boot. Let it run in the background. The reason will be shown in the further steps.
Step 1 : Boot your Kali machine and open the terminal.
Here, as you can see above, I found multiple IP addresses. I opened Firefox in Kali itself and tried all the three IP address and the highlighted one is the whowantstobeking machine IP address.
Step 2 : Visit the website and see what you find.
As shown in the above screenshot, I found a file on the IP address. Go ahead and click on the file and download it into your kali machine.
Step 3 : Go back to the terminal and check the ‘Downloads’ folder to see if the file has been successfully downloaded in your machine. I tried to run a nano command on the file, however, upon opening the file, I understood I need to run a strings command.
Step 4 : Go through the output after running the strings command. And look for..
Step 5 : I figured out that I needed to decode what I had found after running the strings command. Hence, i used to following command to move ahead.
Step 6 : Here, you find dracarys, which could possibly be a username or a password. Hence I used the hint on the whowantstobeking vulnhub page which said “Google is your best friend”.
Note : Earlier I mentioned not the look at the machine after booting it for this very reason. On the login page it tells us that daenerys is the username, so it is a give way that dracarys could be the password.
Here, I found out that ‘Daenerys’ from Game Of Thrones, used the word ‘Dracarys’.
Step 7 : Open the terminal.
As shown above, upon running the nmap scan, we find two open ports, 22 and 80. I decided to try and go for an ssh login. Previously we found the names ‘daenerys’ and ‘dracarys’. I tried some combinations and successfully logged in using the credentials : username : darnerys, password : dracarys.
Step 8 : Go through the directories present in daenerys.
Here, I found a file named ‘secret’ upon running the ls command. cat command helped me to see the contents of the file as we can see above.
Step 9 : Visiting the home directory.
Since I was already in the home directory and found nothing, I didn’t understand what had to be done further, however after brainstorming a little, I tried the following and it worked successfully.
To be concise, ./local/share consists of the non-essential data files. As shown above, I found a zipped file which i unzipped using the terminal which showed me a file and upon using cat command on the file it showed my a directory path.
Step 10 : Visit the directory gained from the zipped file.
The file said “I’m khal….”. I was initially clueless, however I tried logging in into the root user thinking khal was the password. But I failed. Hence, I went back to my best friend for some answers.
Step 11 : Using Google for additional help.
After searching “who is khal", I found out that it is yet another character from Game of Thrones. This character is married to Darnerys in the series.
So I went ahead to try khaldrogo as the password and managed to get in.
Step 12 : Celebrate the success. Congratulations!
As you can see above, upon successfully logging in, I directly visited the root directly looking for the flag and found a file named nice.txt.
Running a cat command showed me the contents of the file.
et voilà ! You’ve successfully captured the flag!
That’s it from my side for this CTF, however, I will be covering more CTFs in the future and not only CTFs, I will also cover walkthrough for Network Analysis pcap files (Forensics Evidence Analysis).
Do leave a feedback or any suggestions in the comments below!