MyBox
Hi folks,
In this article, we are going to learn new topics and crack the difficulty level box.
Deploy the machine
After connecting to the VPN, check connectivity.
Enumeration
As always, the first step is to scan for open ports using nmap.
Here, we can see ports 22, 111, 2049 and 8082.
As port 8082 is open, we will check the web server.
Here, we don't get any information, so we will check the page source.
We got flag1.
Since there is no other information to proceed with, we will decode flag1 using “CyberChef”.
By decoding it, we got a username and password.
Since port 22 is open, we will try to log in over ssh with the credentials we got.
We got a user shell.
We got 1 file and 1 directory in the user login. We will check them one by one.
In the examples.desktop file, we don't find any useful information.
So, let's check the directory.
In the FunnyThing directory we got a jpeg file.
Let's download it to our Kali machine using python.
Open the THM machine IP in the browser along with the port.
Download the file and check it for a password using the stegseek tool.
It shows there is no password for the file, so we will extract the content of the jpeg file using the steghide tool.
We can see the extracted file is saved as secret1.txt.
We will view the content of the extracted file.
We got flag2.
Again, we will decode it using “CyberChef”.
We got another username and password.
We will log in again over ssh with the credentials we got from flag2.
We got a user shell.
We will check the directories of user “arun”.
Here, we can see a folder called sudoers.
We will check it.
#cat /etc/sudoers
We found pwfeedback, which is exploitable through a buffer overflow.
Search for it on Google.
We found a GitHub repository for this exploit.
We will clone it on our Kali machine.
We got an exploit.c from the cloned repository.
We will transfer it to user arun using python.
Using the “wget” command, we can fetch the file from Kali as user arun.
After downloading, compile the file using gcc.
#gcc -o exploit exploit.c
We got root access
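For defenders, the condition behind this escalation is pwfeedback being switched on in sudoers. The following is an added example, not part of the original write-up: a shell function that reports whether sudoers text read from standard input enables the option. The function names and the sample content are constructed for illustration.

```sh
#!/bin/sh
# Added example: report whether sudoers text on stdin turns pwfeedback on.
# Prints "enabled", "disabled" (explicit !pwfeedback) or "unset".
# Simplifications (assumptions of this sketch): scoped Defaults lines such as
# "Defaults:arun" count like global ones, include directives and backslash
# line continuations are not followed, and commas or hash signs inside
# quoted values are not handled.
pwfeedback_state() {
    awk '
        BEGIN { state = "unset" }
        /^[ \t]*Defaults/ {
            line = $0
            # Drop the keyword plus any :user, @host, >runas or !cmd scope.
            sub(/^[ \t]*Defaults[^ \t]*[ \t]+/, "", line)
            # Drop a trailing comment.
            sub(/#.*/, "", line)
            # Options on one Defaults line are comma separated.
            n = split(line, opts, ",")
            for (i = 1; i <= n; i++) {
                o = opts[i]
                gsub(/[ \t]/, "", o)
                # A later setting overrides an earlier one.
                if (o == "pwfeedback") state = "enabled"
                else if (o == "!pwfeedback") state = "disabled"
            }
        }
        END { print state }
    '
}

# Constructed sample resembling a sudoers file with the option switched on.
sample_sudoers() {
    cat <<'EOF'
# constructed sample, not copied from the box
Defaults env_reset
Defaults mail_badpass, pwfeedback
arun ALL=(ALL) ALL
EOF
}

printf 'constructed sample: pwfeedback is %s\n' "$(sample_sudoers | pwfeedback_state)"
```

On a real host, run it as root with `pwfeedback_state < /etc/sudoers` and repeat it for any files pulled in by include directives. Where it reports "enabled", setting `Defaults !pwfeedback` through visudo turns the option off.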
As we didn't find anything in the root directory, we will check outside it.
We will check all the hidden files.
Here, we can see a .Finish file.
We will check the content of the file.
We got Flag3.
I believe you guys have learned new things from this article. I will see you in the next article.
Happy Learning!!!!