OverPass 2 - Hacked

Last updated 3 years ago

Task 1: Forensics - Analyze the PCAP

Let's download the PCAP file and open it in Wireshark.

Since the question asks for the URL of the page the attacker used to upload a reverse shell, let's look at the HTTP packets.

Let's follow the TCP stream.

We have the page.

Next, we need to find the payload the attacker used to gain access.

Looking at another HTTP packet, we can see this.

Next, let's look at a random file in Wireshark; we see this.

We have the password. Scrolling down a bit, we see the link the attacker downloaded, which is used for persistence on the machine.

In the same file, we can see how many of the system passwords were cracked.

We are done with the questions in this task.
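The steps above are done by eye in Wireshark: follow the TCP stream, spot the request that carried the upload. The same triage can be automated once a stream has been reassembled. The following is an added example (not code from this writeup or from the TryHackMe room): it feeds the client half of a followed TCP stream to Go's `net/http` request parser, lists every request, and flags any `multipart/form-data` upload whose filename has a server-executable extension. The host name, paths, form field name and filename in `SampleStream` are constructed for the example and are not the values from the room's capture.

```go
package main

import (
	"bufio"
	"fmt"
	"io"
	"net/http"
	"path"
	"strings"
)

// Finding summarises one client request seen in a reassembled HTTP stream.
type Finding struct {
	Method     string
	Path       string
	Uploads    []string // filenames carried in multipart/form-data parts
	Suspicious bool     // an upload filename has a server-executable extension
}

// execExt lists upload extensions a defender treats as a web-shell risk.
var execExt = map[string]bool{".php": true, ".phtml": true, ".phar": true, ".jsp": true, ".sh": true}

// ScanHTTPStream parses the client half of a reassembled TCP stream (the text
// Wireshark's "Follow TCP Stream" shows) and reports every request it finds,
// flagging multipart uploads whose filename has an executable extension.
func ScanHTTPStream(stream string) ([]Finding, error) {
	r := bufio.NewReader(strings.NewReader(stream))
	var out []Finding
	for {
		req, err := http.ReadRequest(r)
		if err == io.EOF {
			return out, nil // clean end of stream
		}
		if err != nil {
			return out, err
		}
		f := Finding{Method: req.Method, Path: req.URL.Path}
		if mr, merr := req.MultipartReader(); merr == nil {
			for {
				part, perr := mr.NextPart()
				if perr != nil {
					break // io.EOF once the closing boundary is reached
				}
				if name := part.FileName(); name != "" {
					f.Uploads = append(f.Uploads, name)
					if execExt[strings.ToLower(path.Ext(name))] {
						f.Suspicious = true
					}
				}
				io.Copy(io.Discard, part)
			}
		}
		// Drain whatever is left of the body so the next request parses cleanly.
		io.Copy(io.Discard, req.Body)
		req.Body.Close()
		out = append(out, f)
	}
}

// SampleStream is a constructed stand-in for a followed TCP stream: a page
// fetch followed by a multipart upload. Host, paths and filename are made up.
func SampleStream() string {
	body := "--XXX\r\n" +
		"Content-Disposition: form-data; name=\"fileToUpload\"; filename=\"payload.php\"\r\n" +
		"Content-Type: application/x-php\r\n\r\n" +
		"<?php /* constructed placeholder, not a real payload */ ?>\r\n" +
		"--XXX--\r\n"
	return "GET /app/ HTTP/1.1\r\nHost: target.example\r\n\r\n" +
		"POST /app/upload.php HTTP/1.1\r\nHost: target.example\r\n" +
		"Content-Type: multipart/form-data; boundary=XXX\r\n" +
		fmt.Sprintf("Content-Length: %d\r\n\r\n", len(body)) + body
}

func main() {
	findings, err := ScanHTTPStream(SampleStream())
	if err != nil {
		fmt.Println("parse error:", err)
		return
	}
	for _, f := range findings {
		fmt.Printf("%-4s %-16s uploads=%v suspicious=%v\n", f.Method, f.Path, f.Uploads, f.Suspicious)
	}
}
```

To use it on a real capture, export the client-to-server side of the stream from Wireshark (Follow TCP Stream, save as raw) and pass its contents to `ScanHTTPStream`; the flagged request gives you the upload URL and the filename the attacker chose in one pass instead of scrolling through packets.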

Task 2: Research - Analyze the code

Let's look at the code of the backdoor the attacker downloaded by fetching it onto our machine.

Looking at the main.go file, we see the default hash for the backdoor.

Scrolling to the end of the file, we see the salt for the backdoor.

We can find the hash the attacker used in the same PCAP file we opened earlier.

Let's crack the hash using hashcat.
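Why does a salted hash from the backdoor still crack? The writeup finds both the default hash and the salt in main.go, so the salt is public. The following is an added example (not the backdoor's own code): the construction, a single SHA-512 over the password concatenated with the salt and returned as lowercase hex, is an assumption made here for illustration, as is the constructed salt string. It shows how such a check works, why a salt that ships in the source adds nothing once the digest is known, and what a per-credential random salt looks like instead. The comparison uses `crypto/subtle` rather than a plain string equality.

```go
package main

import (
	"crypto/rand"
	"crypto/sha512"
	"crypto/subtle"
	"encoding/hex"
	"fmt"
)

// HashPassword is the assumed scheme: one SHA-512 over password+salt, as hex.
// Assumption for this example; the real backdoor's construction is not quoted.
func HashPassword(password, salt string) string {
	sum := sha512.Sum512([]byte(password + salt))
	return hex.EncodeToString(sum[:])
}

// Verify checks a candidate against a stored hex digest in constant time.
// A plain string == would leak timing information about the digest prefix.
func Verify(candidate, salt, storedHex string) bool {
	got := HashPassword(candidate, salt)
	return subtle.ConstantTimeCompare([]byte(got), []byte(storedHex)) == 1
}

// NewRandomSalt shows what a real per-credential salt looks like: 16 random
// bytes, hex-encoded, generated at enrolment rather than hard-coded in source.
func NewRandomSalt() (string, error) {
	b := make([]byte, 16)
	if _, err := rand.Read(b); err != nil {
		return "", err
	}
	return hex.EncodeToString(b), nil
}

func main() {
	const salt = "constructed-static-salt" // stands in for the salt at the end of main.go
	stored := HashPassword("correct horse", salt)
	fmt.Println("digest length:", len(stored), "hex chars")
	fmt.Println("right password:", Verify("correct horse", salt, stored))
	fmt.Println("wrong password:", Verify("battery staple", salt, stored))
	s, _ := NewRandomSalt()
	fmt.Println("per-credential random salt:", s)
}
```

Because the salt is fixed and visible, anyone holding the digest can test candidate passwords at raw SHA-512 speed, which is exactly what hashcat does in this task. The defender's fix is a random salt per credential plus a deliberately slow KDF (bcrypt, scrypt or Argon2); the hard-coded default digest in the binary is also a useful detection artefact, since it identifies the backdoor regardless of which hash an attacker passes in.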

Task 3: Attack - Get back in

Let's run an nmap scan to see the open ports on the machine.

Let's visit the website.

Let's now follow what the attacker did and get into the machine: log in through SSH on port 22 as the user james, using the password we cracked earlier.

Let's read the user flag.

Let's look for SUID files and see if we can find any interesting ones.

This one is interesting and not common; let's check it out.

It gives us a shell as the user we want, so let's run it in a way that gets us a root shell. The technique can be found on GTFOBins.

We are now root; let's read the root flag.
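The SUID search above is the step a defender can turn into a recurring check: the setuid bit is a small, enumerable attribute, and a binary with it in an unusual place is exactly what the walkthrough noticed by hand. The following is an added example (not from this writeup or from the room) that walks a filesystem through Go's `io/fs` interface, lists every setuid or setgid file, and reports the ones missing from a baseline allow-list. The in-memory `SampleFS` and its paths are constructed for the example; with the `--live` flag the same functions walk the real root filesystem.

```go
package main

import (
	"fmt"
	"io/fs"
	"os"
	"sort"
	"testing/fstest"
)

// FindSetuid walks fsys and returns, sorted, every regular file whose mode has
// the setuid or setgid bit set. Unreadable entries are skipped, not fatal.
func FindSetuid(fsys fs.FS) []string {
	var found []string
	fs.WalkDir(fsys, ".", func(p string, d fs.DirEntry, err error) error {
		if err != nil || d.IsDir() {
			return nil
		}
		info, ierr := d.Info()
		if ierr != nil {
			return nil
		}
		if info.Mode()&(fs.ModeSetuid|fs.ModeSetgid) != 0 {
			found = append(found, p)
		}
		return nil
	})
	sort.Strings(found)
	return found
}

// Unexpected returns the found paths that are not in the baseline allow-list,
// i.e. the candidates a responder should look at first.
func Unexpected(found []string, baseline map[string]bool) []string {
	var out []string
	for _, p := range found {
		if !baseline[p] {
			out = append(out, p)
		}
	}
	return out
}

// SampleFS is a constructed in-memory filesystem: one expected setuid binary,
// one ordinary binary, and one setuid file in an unusual location.
func SampleFS() fs.FS {
	return fstest.MapFS{
		"usr/bin/passwd":   {Mode: 0o755 | fs.ModeSetuid},
		"usr/bin/cat":      {Mode: 0o755},
		"opt/tools/helper": {Mode: 0o755 | fs.ModeSetuid},
	}
}

func main() {
	baseline := map[string]bool{"usr/bin/passwd": true} // constructed allow-list
	found := FindSetuid(SampleFS())
	fmt.Println("setuid/setgid files:", found)
	fmt.Println("not in baseline:", Unexpected(found, baseline))

	// On a real host, walk the root filesystem instead. Paths come back
	// relative to "/", so a baseline built from a clean image matches directly.
	if len(os.Args) > 1 && os.Args[1] == "--live" {
		fmt.Println("live, not in baseline:", Unexpected(FindSetuid(os.DirFS("/")), baseline))
	}
}
```

Generate the baseline from a known-good build of the same image, store it with the host's other integrity data, and alert on any addition; a new setuid shell-spawning binary, the sort of thing GTFOBins catalogues, then shows up as a diff rather than as a root flag.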