Hello everyone, Welcome to Pentestguy. In this post we are going to see the walkthrough of the Jangow: 1.0.1 Capture the Flag (CTF) challenge available on Vulnhub. In this Jangow: 1.0.1 vulnhub walkthrough we will cover the initial port scanning, enumeration, command injection, finding the credentials, and privilege escalation to the root user (this ctf contains two flags). Let’s dive into the process.
Download Jangow: 1.0.1 VM from vulnhub – link
Port Scanning
Start by performing a port scan using Nmap to identify open ports on the target machine. The command used is:
nmap 192.168.X.X -oN nmap.txt
The above scan reveals two open ports: port 80 (HTTP) and port 21 (FTP).
Directory Fuzzing
Proceed with directory enumeration since port 80 runs the HTTP service by default. Using dirb which used the default wordlist, but unfortunately found nothing.
dirb http://192.168.X.X
Command Injection
Now it’s time for manual enumeration, and after some time, I found an endpoint that is vulnerable to command injection.
Tried to execute code for the reverse shell, but the ctf is not configured to communicate out of the box/internet. Decided to continue enumeration via command injection and found a config.php file that includes credentials.
As ctf doesn’t have the SSH service enabled, first tried the credentials with the FTP service, and the credentials are jangow01:abygurl69
User flag
Tried the same credentials to log in to the box and it works!
Root flag
For privilege escalation, checked the kernel version and that was vulnerable for privilege escalation. After a few exploits found the one – https://www.exploit-db.com/exploits/45010 which works.
Shared the exploit via ftp as the vm was unable to access it out of the box, complied it on the box itself, and executed it.
I hope you found this article helpful and encourage you to suggest more topics in the comments. Don’t forget to share this post with your friends. Now you can also collab with us please check our collaboration page, Thank you
Leave a Reply