CTF - Toppo

Home Blog


Found a new CTF I decided to try out. This one is very easy. I’ll have a look at some harder ones in the future

NMAP/NIKTO:

NMAP results has given me a couple of ports to look out for. I normally always launch a web browser and have a look at the contents whenever I see port 80, so thats what I do next.

In the background, I complete a nikto scan on the web browser to see for anything interesting. From the above screenshot, something that caught my eye was the /admin page.

Browsing 192.168.56.4 on a web browser didn’t give me anything interesting, however the /admin did.

I found a notes.txt file and proceeded to open it.

Viewing the file I can see that there is a password in clear text. 12345ted123. A colleague has stated to try ted as the username. So lets give that a go with SSH.

SSH

Logged in successfully! I typed in id / whoami / uname -a (to see if I can dirty cow this box), however it was a newer version of the Kernal. I also decided to cd /root to see if I have permissions in the below screenshot.

FLAG

Next I decided to drop a shell by typing in python -c ‘import pty; pty.spawn(“/bin/sh”)’. This works. I then typed in id / whoami . Found out that I was root straight away, I cd /root and cat the flag!!

THOUGHTS:

This was much easier. However there were a couple of things to keep in mind. Because that this was an easy machine, I should of kept it simple. I went down different rabbit holes that took hours and wasted a lot of time. When I gain access, I should drop a shell just in case it gives me root like this.

Until next time..

Emma Watson Weird Smile GIF by Cheezburger - Find & Share on GIPHY