Rating:

Solution:
1. Identifying the Vulnerability:

From the provided hint, we learn that the application is using LibSSH 0.8.1, which is vulnerable.
A quick Google search reveals this vulnerability.
2. nmap Scan:

Running an nmap scan on the target IP address exposes the open ports and services.
3. Exploiting the Vulnerability:

Using the Exploit DB’s Python script for the LibSSH 0.8.1 vulnerability, we can gain a reverse shell.
Download the Paramiko exploit from this link.
4. The command to execute the exploit is:
`python3 exploit.py -T <ip_address> -P 22 -C '<linux_command>'`

5. Locating the Bomb:

After accessing the system, the location of the bomb can be found in `/location.txt`.

Original writeup (https://github.com/CyberCell-Viit/VishwaCTF-24-Writeups/blob/main/VishwaCTF'24/Web/Save%20the%20city.pdf).