Exploit The Edge

Summary

The website content outlines a step-by-step guide for participants in the Bounty Hackers CTF challenge by Try Hack Me, detailing the process of hacking into a system, from initial reconnaissance to privilege escalation and flag capture.

Abstract

The Bounty Hackers CTF by Try Hack Me is a virtual challenge designed to simulate the experience of a bounty hunter in the cybersecurity realm. Participants are encouraged to conduct a thorough nmap scan to identify vulnerabilities in the target system. The guide suggests starting with an anonymous FTP login to access files that may contain crucial information, such as a password in lock.txt. The ultimate goal is to gain root access and find the hidden flags within the system. The narrative section provides hints without revealing too much, while the step-by-step section offers explicit instructions and screenshots, including the use of GTFO Bins to exploit misconfigured binaries for privilege escalation.

Opinions

  • The author believes in providing a mix of narrative clues and explicit instructions to guide participants through the CTF challenge.
  • There is an emphasis on the importance of reconnaissance and the use of tools like nmap to gather initial intelligence.
  • The guide suggests that FTP with anonymous login credentials is a common vulnerability that can be exploited to gain initial access.
  • The author highlights the significance of GTFO Bins as a resource for leveraging binary vulnerabilities to escalate privileges.
  • The step-by-step instructions are accompanied by clear warnings about spoilers, indicating respect for the reader's desire to solve challenges independently.
  • The inclusion of the OhSINT TryHackMe Challenge link suggests the author values continuous learning and practice in the field of cybersecurity.

Bounty Hackers CTF by Try Hack Me

Are you ready to embark on an exhilarating virtual journey as a bounty hacker? So, gear up, grab your cyber tools, and let’s get started!

image from tryhackme.com

You will see two sections: one written as a story, to give you a clue of what to do without unveiling everything; the other is crystal clear, with all the screenshots and the steps I took to get the flags. Spoiler alerts. You’ve been warned.

Section 1: Only Writing without screenshots

To begin our adventure, the first step is conducting an extensive nmap scan to gain information about the target. This will help us identify any open ports, services, and potential vulnerabilities.

Once we have our reconnaissance in place, it’s time to explore further. One common entry point we often encounter is FTP (File Transfer Protocol) with anonymous login credentials. By leveraging this access, we can browse and download files or even use the ‘cat’ command to read the contents of files.txt, potentially uncovering valuable clues or hidden information.

As we progress deeper into the target system, we stumble upon a file called lock.txt. Our immediate goal becomes using the password contained within this mysterious text file. With the password in hand, we can proceed to SSH (Secure Shell) into the system, gaining access to a more privileged environment.

Now, the real challenge awaits us — finding the elusive flag 1. However, as we navigate further into the system, we realize that achieving root privileges is essential for finding the flag.

Fortunately, in our quest for root privileges, we can get help from GTFOBins (Get The F%@# Out Binaries), a valuable resource that can assist us in leveraging binaries with misconfigured permissions or vulnerabilities. This discovery opens up new avenues and possibilities, leading us closer to achieving our ultimate objective.

With newfound knowledge, we apply what we have learned and found about GTFO Bins. One notable example is using the tar command with elevated privileges obtained via sudo. By carefully executing this technique, we can escalate our privileges and inch closer to our goal.
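Seen from the administrator's side, the misconfiguration behind this step is a sudo rule that grants a program such as tar. The following is an added example, not code from the original walkthrough: a small Python audit that flags such rules in sudoers text. The `SHELL_CAPABLE` set, the `audit_sudoers` function and the sample sudoers content are assumptions constructed for illustration.

```python
import os
import re

# Assumption: a short, illustrative subset of the binaries GTFOBins lists
# as able to run other programs when they are allowed through sudo.
SHELL_CAPABLE = {"tar", "find", "vim", "less", "awk", "env"}

# Constructed sample sudoers content (not taken from the CTF machine).
SAMPLE_SUDOERS = """\
Defaults env_reset
Cmnd_Alias ARCHIVE = /bin/tar, /bin/sync
alice ALL=(root) /bin/tar
bob ALL=(root) NOPASSWD: ARCHIVE
carol ALL=(root) /usr/bin/uptime
%admin ALL=(ALL:ALL) ALL
"""

def audit_sudoers(text, risky=SHELL_CAPABLE):
    """Return (principal, command, reason) for each rule worth reviewing."""
    aliases, findings = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", "Defaults")):
            continue
        alias = re.match(r"Cmnd_Alias\s+(\w+)\s*=\s*(.+)", line)
        if alias:  # remember alias members so later rules can be expanded
            aliases[alias.group(1)] = [c.strip() for c in alias.group(2).split(",")]
            continue
        rule = re.match(r"(\S+)\s+\S+\s*=\s*(?:\([^)]*\)\s*)?(.+)", line)
        if not rule:
            continue
        who, spec = rule.groups()
        # Drop tags such as NOPASSWD: so only the command list remains.
        spec = re.sub(r"\b(?:NOPASSWD|PASSWD|NOEXEC|EXEC|SETENV|NOSETENV):\s*", "", spec)
        items = [c.strip() for c in spec.split(",") if c.strip()]
        commands = [c for item in items for c in aliases.get(item, [item])]
        for cmd in commands:
            if cmd == "ALL":
                findings.append((who, cmd, "unrestricted sudo"))
            elif os.path.basename(cmd.split()[0]) in risky:
                findings.append((who, cmd, "GTFOBins-listed binary"))
    return findings

if __name__ == "__main__":
    for who, cmd, reason in audit_sudoers(SAMPLE_SUDOERS):
        print(f"{who:8} {cmd:12} {reason}")
```

Rules it reports are candidates for removal or for replacement with a narrowly scoped wrapper script owned by root.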

One step away from our grand victory, we push ourselves to the limit. The final challenge is finding flag 2, just by searching through the folders.

Section 2: The CTF Step by Step

(Warning: FLAGS in CLEAR!)

nmap scan:

ftp anonymous login

Find and download files (or simply cat files.txt)

Find the password from the lock.txt file

SSH in

Find the flag 1

We need root privileges

GTFOBins can help us

Apply what you have found on GTFO Bins (tar — sudo)

If you liked this, you have another one here:

Thanks for following through on this CTF!
