Author: 5k33tz The VM for the CTF challenge is located at https://www.vulnhub.com/entry/imf-1,162/ Description: IMF is a intelligence agency that you must hack to get all flags and ultimately root. The flags start off easy and get harder as you progress. Each flag contains a hint to the next flag. I hope you enjoy this VM and learn something. Difficulty: Beginner/Moderate I started off with an nmap scan for to get a lay of open ports: nmap -p 1-65535 -T4 -A -v 192.168.1.38 Nothing too interesting, except port 80/tcp open. On the “Contact Us” page we’re able to see a couple employee emails: Roger S. Michaels – Director rmichaels@imf.local Alexander B. Keith – Deputy Director akeith@imf.local Elizabeth R. Stone – Chief of Staff estone@imf.local We find the first flag in the source of the contact.php page: <!– flag1{YWxsdGhlZmlsZXM=} –> Decoding the string, we get the contents of flag1: echo YWxsdGhlZmlsZXM= | base64 --decode Flag1: al