Hello again, today we'll cover another CTF made by Tryhackme.com such a cool box I enjoyed every second of it, I hope you do and let's start our challenge with some enumeration.
nmap -sC -sV <target-machine>
it looks like we don't have much to break, two ports. 22 for ssh and 80 http, So first what I usually do is give a quick check to the source code of the site in case something is hidden there, and after we have an idea about what we are dealing with, let's check for some directories
That is such a weird robots.txt file! it may be something useful for us, so we will keep it aside and it is weird that we have a username without login panel let's nikto the hell of this box
after finding the login page first what I tried was the famous quote from Rick Wabbalubbadubdub!!!! and we got a command panel that connects us as the user www-data
so when we ls -la we notice that there are two files Sup3rwhatever.txt and clue.txt let's try and open them in the browser.
the first file is our first flag, the second file tells us to look around the system, for my case I tried to get a reverse shell because that command prompt wasn't satisfying, well guess what every time you'll get a reverse one it will shutdown no matter how much you'll try so don't dig hard in that rabbit hole, and the second thing the command panel we have filters the queries and if one of them is cat, head, tail, whatever ... it won't work, lucky us we still have access to find and less that's all we need 🙃 after digging in directories with ls -la /stuff/that/linux/have.
here we go we have the second ingredients for rick, later when I was trying many commands to find files and try to use any process to access the root directory, I thought about the first thing I try to priv escalate which is sudo -l and yep we had it all in front of our eyes
and that's it you are root and you have the third file that contains the last flag for the machine and everything is done the headaches are gone, but to be honest, it is a very cute challenge not hard at all, little bit of twists, but that's the beauty of it you better get used to it.
Happy hacking!You can support my content, and help me do more and more by becoming a Patron!