avatarExploit The Edge

Free AI web copilot to create summaries, insights and extended knowledge, download it at here

2067

Abstract

m.com/v2/resize:fit:800/1*AfYEA1MKB0b-ZsAFUQ_Slw.jpeg"><figcaption></figcaption></figure><p id="d5a9">The extracted information includes a username, while the password remains obfuscated. It is essential to decipher the obscured password:</p><figure id="21c8"><img src="https://cdn-images-1.readmedium.com/v2/resize:fit:800/1*j8WysXPqtUJi7AgsSbmomA.jpeg"><figcaption></figcaption></figure><p id="63f6">Subsequent decryption efforts will be undertaken 😄:</p><figure id="d015"><img src="https://cdn-images-1.readmedium.com/v2/resize:fit:800/1*uo8tMMjc4Tt1DjLDaOyR7Q.jpeg"><figcaption></figcaption></figure><p id="6cbe">With access credentials secured, an exploration of the enumerated directories, as identified by Go Buster, reveals a specific access request:</p><figure id="c454"><img src="https://cdn-images-1.readmedium.com/v2/resize:fit:800/1*a5Vv9FwIw-971aMR0ij7ow.jpeg"><figcaption></figcaption></figure><p id="1d8f">Access has been granted! The next step involves uploading a reverse shell, which requires customization with the appropriate IP address. Note that a VPN is being employed, and the IP address within the “tun0” section is relevant:</p><figure id="ceaa"><img src="https://cdn-images-1.readmedium.com/v2/resize:fit:800/1*XCj3uz7reGHq7vKTw8hTlA.jpeg"><figcaption></figcaption></figure><figure id="70cd"><img src="https://cdn-images-1.readmedium.com/v2/resize:fit:800/1*0zrzVd_utDvfmDPqKy56GQ.jpeg"><figcaption></figcaption></figure><p id="1804">Despite initial upload attempts failing, an alternative path via the “ads” section was successful. The subsequent process remains analogous:</p><figure id="2a2d"><img src="https://cdn-images-1.readmedium.com/v2/resize:fit:800/1*CXk2p29FkcI5jP5dhsQBAg.jpeg"><figcaption></figcaption></figure><p id="8a48">With preparations complete, a designated port is listened on, facilitating the initiation of the reverse shell:</p><figure id="ddfe"><img src="https://cdn-images-1.readmedium.com/v2/resize:fit:800/1*V181wvYh5sPc3-hRtPMNyw.jpeg"><figcaption></figcaption></figure><p id="3976">Upon successful connectio

Options

n, the initial “user.txt” flag is located within the “/home/itguy” directory. However, achieving root-level access necessitates a privilege escalation endeavor:</p><figure id="1eee"><img src="https://cdn-images-1.readmedium.com/v2/resize:fit:800/1*B_nabULotNH8yrcECnrYSw.jpeg"><figcaption></figcaption></figure><p id="e69f">A notable “.pl” file is identified, which currently lacks root-level access. It holds potential for privilege escalation, achievable by substituting the IP address and port parameters:</p><figure id="9a4f"><img src="https://cdn-images-1.readmedium.com/v2/resize:fit:800/1*uC82H7Lvkvjhmm_CcymxOA.jpeg"><figcaption></figcaption></figure><p id="49df">With the adjusted “.pl” file ready, a new netcat listener is established on the specified port. This sets the stage for opening the modified Perl script:</p><figure id="749b"><img src="https://cdn-images-1.readmedium.com/v2/resize:fit:800/1*bc1lspzITs4WDJuEJwPHgA.jpeg"><figcaption></figcaption></figure><p id="e8af">At this point, root-level access is attained, facilitating the search for the root flag:</p><figure id="1915"><img src="https://cdn-images-1.readmedium.com/v2/resize:fit:800/1*-oRz5sZ-Yz-x__tzPrvqmg.jpeg"><figcaption></figcaption></figure><p id="4244">This concludes the steps needed to complete the CTF challenge.</p><p id="1975">If you liked it and want to see more, here’s another one:</p><div id="c721" class="link-block"> <a href="https://readmedium.com/bounty-hackers-ctf-by-try-hack-me-277ca26374d9"> <div> <div> <h2>Bounty Hackers CTF by Try Hack Me</h2> <div><h3>Are you ready to embark on an exhilarating virtual journey as a bounty Hacker? So, gear up, grab your cyber tools, and…</h3></div> <div><p>medium.com</p></div> </div> <div> <div style="background-image: url(https://miro.readmedium.com/v2/resize:fit:320/1*1mtQwkgfzGNK8xB5RxWY5A.jpeg)"></div> </div> </div> </a> </div></article></body>

Lazy Admin — Try Hack Me CTF Challenge

Easy Hacking Challenge

https://tryhackme.com/room/lazyadmin

Firstly, let’s initiate an NMAP scan:

Progressing forward, two pieces of information have been acquired: potential usage of SSH or HTTP protocols. Notably, there are vulnerabilities associated with each of these services. For instance, in the case of SSH, an identified vulnerability is as follows:

Now, let’s proceed to explore the contents of the web server:

Examination of the source code yielded no significant outcomes. It is advisable to deploy a tool like “Go Buster” for additional reconnaissance:

From the results of the directory bruteforcing, various folders were discovered, and it was identified that the CMS “SweetRice” is being utilized by the administrator. This knowledge may be leveraged for potential exploitation:

An intriguing MySQL backup was detected. This resource will be retrieved for subsequent analysis:

The extracted information includes a username, while the password remains obfuscated. It is essential to decipher the obscured password:

Subsequent decryption efforts will be undertaken 😄:

With access credentials secured, an exploration of the enumerated directories, as identified by Go Buster, reveals a specific access request:

Access has been granted! The next step involves uploading a reverse shell, which requires customization with the appropriate IP address. Note that a VPN is being employed, and the IP address within the “tun0” section is relevant:

Despite initial upload attempts failing, an alternative path via the “ads” section was successful. The subsequent process remains analogous:

With preparations complete, a designated port is listened on, facilitating the initiation of the reverse shell:

Upon successful connection, the initial “user.txt” flag is located within the “/home/itguy” directory. However, achieving root-level access necessitates a privilege escalation endeavor:

A notable “.pl” file is identified, which currently lacks root-level access. It holds potential for privilege escalation, achievable by substituting the IP address and port parameters:

With the adjusted “.pl” file ready, a new netcat listener is established on the specified port. This sets the stage for opening the modified Perl script:

At this point, root-level access is attained, facilitating the search for the root flag:

This concludes the steps needed to complete the CTF challenge.

If you liked it and want to see more, here’s another one:

Hacking
Ctf
Ctf Writeup
Tryhackme
Tryhackme Walkthrough
Recommended from ReadMedium
avatarK9ine95
Block ~ Tryhackme ~ walkthrough

One of your junior system administrators forgot to deactivate two accounts from a pair of recently fired employees. We believe these…

5 min read
avatarembossdotar
TryHackMe — Forensic Imaging — Writeup

Key points: Forensic | Forensic Imaging | Digital Forensics | DFIR | Linux | bash | Forensic Image. Forensic Imaging by awesome TryHackMe…

3 min read
avatarEmilio Pancubit
TryHackMe Lab —Mr Robot CTF Walkthrough

Can you root this Mr. Robot styled machine? This is a virtual machine meant for beginners/intermediate users. There are 3 hidden keys…

7 min read
avatarSamxia99
Anthem CTF Walkthrough | THM

exploit a Windows machine in this beginner-level challenge.

6 min read
avatarMAGESH
Disgruntled -Tryhackme

Use your Linux forensics knowledge to investigate an incident.

3 min read
avatarHaroon
Sea-Hack The Box Walkthrough

Introduction

7 min read