Sunset 1 Vulnhub VM walkthrough

A Walkthrough of the Sunset:1 VM from Vulnhub

A short and fun machine showing off hash cracking and suid abuse.

There’s a small selection of ports available to us in our last sunset machine; FTP and SSH. let’s try connecting to an anonymous login on ftp:

When we connect (using any made-up email address as the anonymous password) we see a backup file, so grab that, disconnect and take a peek inside:

quite a few username:password hashes. I could try and brute force them all, but just to speed things up I made a new file containing only the sunset line, then used John the Ripper to brute force the password:

So here we quickly get the password cheer14 so we’ll connect to the sunset SSH account using that:

and view our first flag:

When we check our sudo permissions, we see that we have sudo permission over ed, this program allows us to invoke a shell, so we’ll launch it with sudo then invoke a shell which will now be executed in a root context:

and then we view our final flag:

Written on December 13, 2019