Planet DesKel

DesKel's official page for CTF write-up, Electronic tutorial, review and etc.

Arduino
Backdoor Challenge Land CTFLearn CyberEDU Webhacking.kr TryHackMe, THM Short CTF
Hacking Tools
Donate
15 August 2020

THM write-up: CC Pen Testing

2 minutes to read

titlecard

Link: https://tryhackme.com/room/ccpentesting

Greeting again, welcome to another short THM CTF write-up. Today, we are going to go through the final task of the pentest crash course. This room created by our lovely para. As for other tasks, you have to read the manual page. Without further ado, let’s get started

Part 1: Enumerate the machine

First off, start the Nmap scanner with the following command.

nmap -A -v <machine IP>

nmap

We have two open ports on the target machine, specifically Port 80 (HTTP) and Port 22 (SSH)

Part 2: Brute-forcing port 80

web

We have an ordinary Apache page on the port 80. Guess we have to brute-force the webserver with gobuster.

gobuster dir -u <Target IP> -w /usr/share/dirb/wordlists/common.txt

gobuster

We found a hidden directory inside the webserver. Visit the directory result on the following page.

hidden

A blank page? Well, that is unusual. Actually there is a file hidden inside the /secret directory. We have to search for the file by using the gobuster with -x option.

gobuster dir -u http://<Target IP>/secret -w /usr/share/dirb/wordlists/common.txt -x txt

secret

Bingo, we found a secret.txt hidden inside a secret directory. Read the file.

nyan

We have a username nyan and an sha1 hashed password.

Part 3: Crack the hash

To crack the hash, simply punch in the following command (for VM)

hashcat -a 0 -m 100 046385855FC9580393853D8E81F240B66FE9A7B8 /usr/share/wordlists/rockyou.txt --force

hashcat

With both username and password, we are able to login to the SSH shell.

Part 4: Privilege escalate

First and foremost, let’s capture user flag.

user

This is the famous phrase used by para. How cute~~~

As for the privsec, simply type in the following command to check our privilege as sudo.

sudo -l

sudo

Cool, we can be a superuser.

sudo su

su

Ta-da, easy point.

Conclusion

That’s all for the quick and simple CTF write up for the pentest crash course. Hope you like it ;)

tags: tryhackme - CTF - recon - cracking - privilege_escalate

Thanks for reading. Follow my twitter for latest update

If you like this post, consider a small donation. Much appreciated. :)

Vortex

© 2020 DesKel