table of Contents

Download

Please remember that VulnHub is a free community resource so we are unable to check the machines that are provided to us. Before you download, please read our FAQs sections dealing with the dangers of running unknown VMs and our suggestions for “protecting yourself and your network. If you understand the risks, please download!

64Base_3mrgnc3.ova (Size: 1.5 GB)
Download: https://www.dropbox.com/s/30zw231gg523ah8/64Base_3mrgnc3-v1.0.1.ova?dl=0
Download (Mirror): https://download.vulnhub.com/64base/64Base_3mrgnc3.ova
Download (Torrent): https://download.vulnhub.com/64base/64Base_3mrgnc3.ova.torrent ( Magnet)

collect message

Visit 80 pages

View source code

64base:Th353@r3N0TdaDr01DzU@reL00K1ing4

Need account and password

http://192.168.243.162/Imperial-Class/BountyHunter/

Source code display

(64base:Th353@r3N0TdaDr01DzU@reL00K1ing4) login, login is successful

root@kali:~# echo "5a6d78685a7a4a37595568534d474e4954545a4d65546b7a5a444e6a645756584f54466b53465a70576c4d31616d49794d485a6b4d6b597757544a6e4c3252714d544a54626d51315a45566157464655614446525557383966516f3d0a" | xxd -p -r | base64 --decode
flag2{aHR0cHM6Ly93d3cueW91dHViZS5jb20vd2F0Y2g/dj12Snd5dEZXQTh1QQo=}
root@kali:~# echo 'aHR0cHM6Ly93d3cueW91dHViZS5jb20vd2F0Y2g/dj12Snd5dEZXQTh1QQo=' | base64 -d
https://www.youtube.com/watch?v=vJwytFWA8uA

According to the results, visit this video link and find that the name of the video prompts to use Burp

flag3{NTNjcjN0NWgzNzcvSW1wZXJpYWwtQ2xhc3MvQm91bnR5SHVudGVyL2xvZ2luLnBocD9mPWV4ZWMmYz1pZAo=}

root@kali:~# echo 'NTNjcjN0NWgzNzcvSW1wZXJpYWwtQ2xhc3MvQm91bnR5SHVudGVyL2xvZ2luLnBocD9mPWV4ZWMmYz1pZAo=' | base64 -d
53cr3t5h377/Imperial-Class/BountyHunter/login.php?f=exec&c=id