Hello everyone. Today I will explain how you can hack the “The Server From Hell” machine. Let’s start hacking this machine.
First I wanted to enumerate open ports, but I saw the message “Start at port 1337 and enumerate your way. Good luck” in the CTF description.
I need to find “Trollface”, and it is in the first 100 ports. I want to create a for loop.
for i in {1..100};do nc <ip address> $i;done
Oops! I found a hint.
I found an NFS share, and I will get the /home/nfs file to my own machine (I created a testmount folder for NFS).
Awesome! I tried to unzip the file, but I need a password. Now I should crack the backup.zip password.
/usr/sbin/zip2john backup.zip > hashbackup
john hashbackup --wordlist=/usr/share/wordlists/rockyou.txt
I found a “/home/hades” folder in backup.zip.
I found an id_rsa key, but I can’t connect over SSH because the SSH service is not running on port 22 (the default SSH port). Again I will create a for loop.
I found the SSH port and connected.
I exited from the Ruby shell. I need privilege escalation. I looked for SUID binaries but couldn’t find anything. I used getcap.
Now I can copy the “root” folder into a “tar” file.
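For the defensive side of the getcap step above, here is an added example (not part of the original writeup) that reads `getcap -r` output and flags binaries carrying capabilities that bypass file permissions or change identity. The list of risky capabilities and the sample lines are constructed for illustration; the writeup does not say which capability tar carried.

```shell
#!/bin/sh
# Added example: audit file capabilities reported by `getcap -r`.
# On a real host: getcap -r / 2>/dev/null | audit_caps
# A flagged binary can be cleaned with: setcap -r <path>

# Capabilities treated as high risk (assumed, non-exhaustive list).
RISKY='cap_dac_read_search cap_dac_override cap_setuid cap_setgid cap_sys_admin cap_sys_ptrace cap_chown cap_fowner'

# Reads getcap output on stdin, prints "path<TAB>capability" per finding.
# Assumes one capability clause per line and no spaces in the path
# for the newer output format.
audit_caps() {
  while IFS= read -r line; do
    [ -n "$line" ] || continue
    # Older libcap prints "PATH = caps+ep", newer prints "PATH caps=ep".
    case "$line" in
      *" = "*) path=${line%% = *}; caps=${line#* = } ;;
      *)       path=${line% *};    caps=${line##* } ;;
    esac
    old_ifs=$IFS; IFS=','
    for cap in $caps; do
      name=${cap%%[+=]*}          # drop the "+ep" / "=eip" flag suffix
      case " $RISKY " in
        *" $name "*) printf '%s\t%s\n' "$path" "$name" ;;
      esac
    done
    IFS=$old_ifs
  done
  return 0
}

# Constructed sample input covering both getcap output formats.
sample_getcap_output() {
  cat <<'EOF'
/usr/bin/ping = cap_net_raw+ep
/bin/tar = cap_dac_read_search+ep
/usr/bin/python3.8 cap_setuid,cap_net_bind_service=eip
EOF
}

sample_getcap_output | audit_caps
```

An archiver or interpreter should never appear in this output on a production host; `cap_net_raw` on ping is the kind of narrow grant that is expected.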
Nice job!
Thanks for reading my writeup.