CTF BoilCTF

CTF Buffer overflow

Created At : 2023-02-20 02:00

Count:148 Views 👀 :25

rustcan
FTP
Robots.txt
Port 10000
gobuster
Get shell
Enum

rustcan

rustscan -a 10.10.242.254language-bashCopy

Output:

PORT      STATE SERVICE          REASON
21/tcp    open  ftp              syn-ack
80/tcp    open  http             syn-ack
10000/tcp open  snet-sensor-mgmt syn-ack
55007/tcp open  unknown          syn-acklanguage-bashCopy

FTP

ftp 10.10.242.254 language-bsahCopy

Let’s download it.

You can decode it: https://www.dcode.fr/rot-13-cipher

Just wanted to see if you find it. Lol. Remember: Enumeration is the key!

Nothing int he ftp.

Robots.txt

http://10.10.242.254/robots.txt

kidding

Port 10000

Change the /etc/hosts

gobuster

gobuster dir -u http://10.10.242.254/ -x txt,html,php -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt language-bashCopy

gobuster dir -u http://10.10.242.254/joomla -x txt,html,php -w /usr/share/wordlists/dirb/common.txt language-bashCopy

Get shell

https://www.exploit-db.com/exploits/47204

Enum

inside log.txt
superduperp@$$

Into backup.sh:

superduperp@$$no1knows