Machine Creator: SirenCeol & Cowonaboat
Task: To find User.txt and Root.txt
Let’s start with an Nmap scan.
nmap -sV -sC 10.10.10.47
Opening the website in a browser shows a Shrek fan site. The same page links to an image gallery and an upload page.
gobuster -u http://10.10.10.47 -w /usr/share/dirbuster/wordlists/directory-list-lowercase-2.3-small.txt -t 40 -x .html,.php
Modifying the spectrogram settings, we can see a hidden message that appears to be FTP credentials: “donkey:d0nk3y1337!”.
echo UHJpbmNlQ2hhcm1pbmc= | base64 -d
Viewing the second file the same way, we see another area with gaps and an embedded Base64-encoded string. When we decode this, we get ciphertext.
Using the encrypted RSA key file that we downloaded from the FTP server earlier and the new password that we decrypted, we are now able to SSH in using the username sec.
sudo -u farquad /usr/bin/vi
find / -type f -newermt 2017-08-20 ! -newermt 2017-08-24 2>/dev/null
If we create a test file in the /usr/src/ directory, after a few minutes the cron job modifies this file.
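To see exactly what the scheduled job changes on the test file (owner, mode, size or timestamp), snapshot the directory's metadata before and after the wait and compare the two. This is an added example, not part of the original write-up; it assumes GNU find and stat, and the `snapshot` and `diff_snapshots` helpers and the temporary directory standing in for /usr/src/ are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original write-up).
# Assumes GNU find/stat (Linux). File names containing '|' or newlines are not handled.

# Print "path|owner:group|mode|size|mtime" for every regular file directly in $1.
snapshot() {
    find "$1" -maxdepth 1 -type f -exec stat -c '%n|%U:%G|%a|%s|%Y' {} + | sort
}

# Compare two snapshot files ($1 = before, $2 = after); one output line per change.
diff_snapshots() {
    awk -F'|' '
        FILENAME == ARGV[1] { own[$1]=$2; mode[$1]=$3; size[$1]=$4; mt[$1]=$5; seen[$1]=1; next }
        !($1 in seen)       { print "NEW   " $1; next }
        {
            if (own[$1]  != $2) print "OWNER " $1 " " own[$1]  " -> " $2
            if (mode[$1] != $3) print "MODE  " $1 " " mode[$1] " -> " $3
            if (size[$1] != $4) print "SIZE  " $1 " " size[$1] " -> " $4
            if (mt[$1]   != $5) print "MTIME " $1 " " mt[$1]   " -> " $5
            delete seen[$1]
        }
        END { for (f in seen) print "GONE  " f }
    ' "$1" "$2"
}

# Constructed demonstration: a temp directory stands in for the watched directory,
# and chmod/append stand in for whatever the scheduled job does to the file.
demo() {
    dir=$(mktemp -d)
    printf 'test\n' > "$dir/testfile"
    chmod 600 "$dir/testfile"
    snapshot "$dir" > "$dir.before"
    chmod 644 "$dir/testfile"            # on a real host, wait for the job instead
    printf 'more\n' >> "$dir/testfile"
    snapshot "$dir" > "$dir.after"
    diff_snapshots "$dir.before" "$dir.after"
    rm -rf "$dir" "$dir.before" "$dir.after"
}

demo
```

An `OWNER` line in the output is the one to look at first, since a job that changes ownership of files it did not create is running with more privilege than the user who made the test file.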