Vulnhub : Warzone 2


I found several ports open like 21, 22 & 1337.

Port 21 (FTP)

Access as anonymous, I found 3 images like below:

So let’s use mget * to get all of the images.


Since I have play CTF several times. This is called Flag Semaphore and one of the best platforms to decode it using


By decoding the above picture I got “semaphore”


By decoding the above picture I got “signalperson”


Since I got the username & password let’s get the hash & token

HASH = sha256(semaphore + signalperson)
TOKEN = bytesToHex(HASH)

I make a simple python script to do this :)

Port 1337

Since I have all of the things needed let’s check on port 1337. It asks for a username, password, and token which I already have.

So I can use ls, pwd and nc. Let’s try to get a reverse shell using nc.

Flagman (User)

I tried to run linpeas and found this

After reading the file I found a possible password for the flagman.

Try to su flagman and we got in!

Admiral (User)

I try to sudo -l and found this.

Let’s try run the python as admiral.

Also, I should port forward port 5000 by using SSH.

ssh -L LOCALPORT: flagman@
ssh -L 5000: flagman@

The first thing I did was to go to /console and put the Debugger PIN and I tried to get a reverse shell from it.


First thing first let’s try sudo -l and I found like below:

We can try check on GTFOBINS

Nice! I manage to root it :)