Gotta Catch'em All
Scanning
Initial nmap scan to find open ports, using the "treat all hosts as alive" flag (-Pn):
Detailed nmap scan:
Enumeration
Let's check the website on port 80.
It's an Apache 2 page, so let's run a gobuster scan to find hidden directories.
After the scan finished, we did not find any hidden directories.
Looking at the source code of the page, we find something interesting.
They look like credentials, so let's log in through ssh.
While exploring the system, we find the answer to the first question in the room.
Privilege Escalation
Looking through the machine, we see something interesting in the Videos directory.
Let's check the file in the directory.
Looks like we have credentials, so let's switch users.
Looking at the permissions of the files in the /home directory, we can see that we can now read the file that we couldn't before.
This is the answer to the fourth question of this room.
Let's run sudo -l to see what we can run as other users.
Looks like we can run ALL, so let's switch users to root.
We are now root, so let's look for all the files that we have not found yet.
The files are encrypted, so let's crack them.