CTF BoilCTF

  1. rustscan
  2. FTP
  3. Robots.txt
  4. Port 10000
  5. gobuster
  6. Get shell
  7. Enum

rustscan

rustscan -a 10.10.242.254

Output:

PORT      STATE SERVICE          REASON
21/tcp    open  ftp              syn-ack
80/tcp    open  http             syn-ack
10000/tcp open  snet-sensor-mgmt syn-ack
55007/tcp open  unknown          syn-ack

FTP

ftp 10.10.242.254 

Let’s download it.

You can decode it: https://www.dcode.fr/rot-13-cipher

Just wanted to see if you find it. Lol. Remember: Enumeration is the key!

Nothing in the FTP.

Robots.txt

http://10.10.242.254/robots.txt

kidding

Port 10000

Edit the /etc/hosts file.

gobuster

gobuster dir -u http://10.10.242.254/ -x txt,html,php -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt 

gobuster dir -u http://10.10.242.254/joomla -x txt,html,php -w /usr/share/wordlists/dirb/common.txt 

Get shell

https://www.exploit-db.com/exploits/47204

Enum

Inside log.txt:

superduperp@$$

Inside backup.sh:

superduperp@$$no1knows