Hack the Sedna VM (CTF Challenge)

Today we are going to solve another VulnHub lab challenge, “SEDNA”, which contains 4 flags: one for a shell, one for root access and two for post-exploitation on Sedna. For practice, you can download it from here.

Let’s start!!!

Scan the target IP with an Nmap version scan, as shown in the image.

nmap -sV 192.168.0.113

The scan shows the open ports and the services running on them. As shown, ports 22, 53, 80 and others are open.

Since port 80 is open, let's explore the target IP, 192.168.0.113, in the browser. As the screenshot shows, I did not find anything significant here.

Shortly afterwards I ran nikto for a full scan, and as the highlighted text in the screenshot shows, it revealed license.txt.

I went back to the browser to look at license.txt, where I found the name of the software, “BUILDERENGINE”, which might be in use on this machine.
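Seen from the defender's side, the nikto run and the request for license.txt described above both show up in the web server's access log. The following added example (not part of the original walkthrough) flags them, assuming Apache combined-format lines; the sample log, client addresses, user-agent strings and the 404 threshold are constructed assumptions.

```python
import re
from collections import defaultdict

# Assumed Apache "combined" format: ip - - [time] "METHOD path PROTO" status size "referer" "user-agent"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$')
# Files that tend to disclose the product name or version (license.txt is the case on this page).
DISCLOSURE_RE = re.compile(r'/(license|readme|changelog)(\.txt|\.md|\.html)?$', re.I)
SCANNER_UA_RE = re.compile(r'nikto', re.I)  # Nikto's default User-Agent names the tool
NOT_FOUND_THRESHOLD = 3  # assumed value; tune against real traffic

# Constructed sample data: client addresses, timestamp and user-agent strings are made up.
UA_SCAN = "Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:000001)"
UA_BROWSER = "Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0"

def _line(ip, path, status, ua):
    return f'{ip} - - [01/Jan/2017:10:00:00 +0000] "GET {path} HTTP/1.1" {status} 512 "-" "{ua}"'

SAMPLE_LOG = [
    _line("192.168.0.105", "/admin.php", 404, UA_SCAN),
    _line("192.168.0.105", "/backup.zip", 404, UA_SCAN),
    _line("192.168.0.105", "/phpinfo.php", 404, UA_SCAN),
    _line("192.168.0.105", "/license.txt", 200, UA_SCAN),
    _line("192.168.0.105", "/license.txt", 200, UA_BROWSER),
    _line("192.168.0.50", "/", 200, UA_BROWSER),
]

def analyse(lines):
    """Return {client_ip: [findings]} for clients that look like scanners."""
    stats = defaultdict(lambda: {"404": 0, "scanner_ua": False, "disclosed": set()})
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip malformed lines rather than guessing at their fields
        s = stats[m["ip"]]
        s["404"] += m["status"] == "404"
        s["scanner_ua"] |= bool(SCANNER_UA_RE.search(m["ua"]))
        # Only a 200 means the disclosure file was actually served.
        if m["status"] == "200" and DISCLOSURE_RE.search(m["path"].split("?")[0]):
            s["disclosed"].add(m["path"])
    report = {}
    for ip, s in stats.items():
        findings = ["scanner user-agent"] if s["scanner_ua"] else []
        if s["404"] >= NOT_FOUND_THRESHOLD:
            findings.append(f"{s['404']} not-found probes")
        findings += [f"served {p}" for p in sorted(s["disclosed"])]
        if findings:
            report[ip] = findings
    return report
```

A served license.txt in the report is the actionable item: removing or restricting such files takes the product name away from anyone fingerprinting the site.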

Then I turned to Google in the hope of finding an exploit related to this software.

Luckily, the first link on the results page took me in the right direction: here I found “builder engine 3.5.0 arbitrary file upload Exploit DB”.