1. nmap scan for the IP address. Then, we do a full scan for ports.
2. Looks like we have ssh and python using SimpleHTTPServer module servicing the server.
I took a look at port 31337 using Firefox and Burp. It gives a page that is all black except
wherever your mouse lands. I have to say the effects were very cool. Let’s look at the page source.
3. There seems to be something to look at.
<!-- key_is_h1dd3n.jpg -->
Let’s try to browse for it.
4. After having a little bit of nostalgia of watching Sneakers, I downloaded the jpeg. Maybe there is something there. I can check using the commands (strings, file, exif, steghide, etc).
5. Using steghide, I used “h1dd3n” as the passphrase. It did hint that it was the key. It gave a text file called h1dd3n.txt.
6. Well, I recognize those strings from previous CTFs. Time to go to https://copy.sh/brainfuck
7. Well, we have what seems to be a username and password. We did see the service SSH on port 1337.
Let’s try to use: ud64:1M!#64@ud
8. We have a login but… with a limited/restricted shell. There’s a trick for that:
https://speakerdeck.com/knaps/escape-from-shellcatraz-breaking-out-of-restricted-unix-shells?slide=9
10. Let’s do some digging and find out about this server. Run the usual commands (id, uname, ls, etc)
11. After looking around for a couple of minutes, thought to find out about sudo.
12. What the heck is that file.
13. Oh, so this is just strace command. Maybe it was just renamed. Anyway, I just kept playing with the command in order to get root or view root level files.
14. Looks like you can view the contents of /root. There is a flag.txt file there. Let’s see if we can view it.
https://news.ycombinator.com/item?id=5277241
sudo /usr/bin/sysud64 -fe execve sudo -s
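A defender-side check for the misconfiguration found in steps 11-13, as an added example that is not part of the original write-up: it lists the binaries a sudoers rule allows and flags any whose contents are identical to a known tracing/debugging tool under a different name. The sudoers line, the file contents, the function names and the scratch directory are constructed for illustration, and the sudoers parsing is simplified.

```python
import hashlib, os, re, tempfile

def sha256_file(path):
    with open(path, "rb") as fh:
        return hashlib.sha256(fh.read()).hexdigest()

def sudo_command_paths(sudoers_text):
    """Absolute command paths from simple 'user host=(runas) TAG: cmd, cmd' rules.
    Simplified: aliases and included files are not expanded."""
    paths = []
    for line in sudoers_text.splitlines():
        line = line.strip()
        if line.startswith(("#", "Defaults")) or "=" not in line:
            continue
        spec = line.split("=", 1)[1]
        spec = re.sub(r"\([^)]*\)", "", spec)    # drop the (runas) part
        spec = re.sub(r"\b[A-Z_]+:", "", spec)   # drop tags such as NOPASSWD:
        for cmd in spec.split(","):
            words = cmd.split()
            if words and words[0].startswith("/"):
                paths.append(words[0])
    return paths

def find_renamed_tools(sudoers_text, reference_tools, root="/"):
    """Return (sudo_command, reference_tool) pairs with identical file contents."""
    resolve = lambda p: os.path.join(root, p.lstrip("/"))
    known = {sha256_file(resolve(p)): p
             for p in reference_tools if os.path.isfile(resolve(p))}
    findings = []
    for cmd in sudo_command_paths(sudoers_text):
        target = resolve(cmd)
        if not os.path.isfile(target):
            continue
        match = known.get(sha256_file(target))
        if match and match != cmd:
            findings.append((cmd, match))
    return findings

def demo():
    # Constructed sample: a scratch tree standing in for a mounted filesystem.
    root = tempfile.mkdtemp()
    os.makedirs(os.path.join(root, "usr/bin"))
    for name, data in [("strace", b"TRACER"), ("sysud64", b"TRACER"), ("less", b"PAGER")]:
        with open(os.path.join(root, "usr/bin", name), "wb") as fh:
            fh.write(data)
    sudoers = "ud64 ALL=(ALL) NOPASSWD: /usr/bin/sysud64, /usr/bin/less\n"
    return find_renamed_tools(sudoers, ["/usr/bin/strace"], root)

if __name__ == "__main__":
    print(demo())
```

On a real host the reference copy should come from a trusted package or image, since the tool may not exist on the audited system under its usual name.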