Gotta Catch'em All

Scanning

Initial Nmap scan to find open ports, using the -Pn flag ("treat all hosts as alive"), which skips host discovery:

nmap -Pn 10.10.19.228

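Detailed Nmap scan of ports 22 and 80, with version detection (-sV) and the default scripts (-sC), saving the normal output to a file (-oN):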

nmap -sV -sC -p 22,80 -oN nmap 10.10.19.228

Enumeration

Let's check the website on port 80.

It's an Apache 2 page, so let's run a gobuster scan to find hidden directories.

gobuster dir -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -u http://10.10.19.228/

After the scan finished, we had not found any hidden directories.

Looking at the source code of the page, we find something interesting.

They look like credentials, so let's log in through SSH.

While exploring the system, we find the answer to the first question in the room.

Privilege Escalation

Looking through the machine, we see something interesting in the Videos directory.

Let's check the file in the directory.

Looks like we have credentials, so let's switch users.

Looking at the permissions of the files in the /home directory, we can see that we can now read the file that we couldn't before.

This is the answer to the fourth question of this room.

Let's run sudo -l to see what we can run as other users.

Looks like we can run ALL, so let's switch users to root.

We are now root, so let's look for all the files that we have not found yet.

The files are encrypted, so let's crack them.
