TakeOver
Last updated
Last updated
Start Machine
Hello there,
I am the CEO and one of the co-founders of futurevera.thm. In Futurevera, we believe that the future is in space. We do a lot of space research and write blogs about it. We used to help students with space questions, but we are rebuilding our support.
Recently blackhat hackers approached us saying they could takeover and are asking us for a big ransom. Please help us to find what they can takeover.
Our website is located at https://futurevera.thm
Hint: Don't forget to add the MACHINE_IP in /etc/hosts for futurevera.thm ; )
Answer the questions below
What's the value of the flag?
┌──(kali㉿kali)-[~/Downloads]
└─$ tail /etc/hosts
10.10.167.117 dev.team.thm
10.10.29.100 set.windcorp.thm
10.10.20.190 Osiris.windcorp.thm Osiris osiris.windcorp.thm
10.10.37.31 UNATCO
10.10.73.143 jack.thm
#127.0.0.1 newcms.mofo.pwn
10.200.108.33 holo.live
10.200.108.33 www.holo.live admin.holo.live dev.holo.live
10.10.146.26 severnaya-station.com
10.10.211.130 futurevera.thm
https://futurevera.thm/
┌──(kali㉿kali)-[~/Downloads]
└─$ gobuster dir -u https://futurevera.thm/ -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -t 64 -k
===============================================================
Gobuster v3.3
by OJ Reeves (@TheColonial) & Christian Mehlmauer (@firefart)
===============================================================
[+] Url: https://futurevera.thm/
[+] Method: GET
[+] Threads: 64
[+] Wordlist: /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt
[+] Negative Status codes: 404
[+] User Agent: gobuster/3.3
[+] Timeout: 10s
===============================================================
2023/02/03 17:30:29 Starting gobuster in directory enumeration mode
===============================================================
/assets (Status: 301) [Size: 319] [--> https://futurevera.thm/assets/]
/css (Status: 301) [Size: 316] [--> https://futurevera.thm/css/]
/js (Status: 301) [Size: 315] [--> https://futurevera.thm/js/]
/server-status (Status: 403) [Size: 280]
Progress: 113788 / 220561 (51.59%)^C
[!] Keyboard interrupt detected, terminating.
===============================================================
2023/02/03 17:36:55 Finished
===============================================================
looking subdomains
┌──(kali㉿kali)-[~/Downloads]
└─$ gobuster vhost -u https://futurevera.thm/ -w /usr/share/seclists/Discovery/DNS/subdomains-top1million-110000.txt --append-domain false -k -t 64
===============================================================
Gobuster v3.3
by OJ Reeves (@TheColonial) & Christian Mehlmauer (@firefart)
===============================================================
[+] Url: https://futurevera.thm/
[+] Method: GET
[+] Threads: 64
[+] Wordlist: /usr/share/seclists/Discovery/DNS/subdomains-top1million-110000.txt
[+] User Agent: gobuster/3.3
[+] Timeout: 10s
[+] Append Domain: true
===============================================================
2023/02/03 17:38:24 Starting gobuster in VHOST enumeration mode
===============================================================
Found: blog.futurevera.thm Status: 421 [Size: 408]
Found: support.futurevera.thm Status: 421 [Size: 411]
Progress: 114410 / 114442 (99.97%)===============================================================
2023/02/03 17:45:23 Finished
===============================================================
found 2 subdomains
┌──(kali㉿kali)-[~/Downloads]
└─$ tail /etc/hosts
10.10.167.117 dev.team.thm
10.10.29.100 set.windcorp.thm
10.10.20.190 Osiris.windcorp.thm Osiris osiris.windcorp.thm
10.10.37.31 UNATCO
10.10.73.143 jack.thm
#127.0.0.1 newcms.mofo.pwn
10.200.108.33 holo.live
10.200.108.33 www.holo.live admin.holo.live dev.holo.live
10.10.146.26 severnaya-station.com
10.10.211.130 futurevera.thm blog.futurevera.thm support.futurevera.thm
https://support.futurevera.thm/
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8" />
<meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" />
<meta name="description" content="" />
<meta name="author" content="" />
<title>FutureVera - Support</title>
<link rel="icon" type="image/x-icon" href="assets/favicon.ico" />
<link href="css/styles.css" rel="stylesheet" />
</head>
<body>
<!-- Background Video-->
<video class="bg-video" playsinline="playsinline" autoplay="autoplay" muted="muted" loop="loop"><source src="assets/mp4/bg.mp4" type="video/mp4" /></video>
<!-- Masthead-->
<div class="masthead">
<div class="masthead-content text-white">
<div class="container-fluid px-4 px-lg-0">
<h1 class="fst-italic lh-1 mb-4">We are recreating our Support website.</h1>
<p class="mb-5">We're working hard to finish the re-development of our support website.</p>
</div>
<div class="col-md-10 col-lg-8 col-xl-7">
<div class="small text-center text-muted fst-italic">Copyright ©futurevera.thm</div>
</div>
</div>
</div>
<!-- Theme is taken from https://startbootstrap.com -->
<!-- Bootstrap core JS-->
<script src="js/bootstrap.bundle.min.js"></script>
<!-- Core theme JS-->
<script src="js/scripts.js"></script>
</body>
</html>
View certificate
about:certificate?cert=MIID1DCCArygAwIBAgIUauW3cx0CzRBzqYjg5HMaPwCIbJIwDQYJKoZIhvcNAQELBQAwdTELMAkGA1UEBhMCVVMxDzANBgNVBAgMBk9yZWdvbjERMA8GA1UEBwwIUG9ydGxhbmQxEzARBgNVBAoMCkZ1dHVyZXZlcmExDDAKBgNVBAsMA1RobTEfMB0GA1UEAwwWc3VwcG9ydC5mdXR1cmV2ZXJhLnRobTAeFw0yMjAzMTMxNDI2MjRaFw0yNDAzMTIxNDI2MjRaMHUxCzAJBgNVBAYTAlVTMQ8wDQYDVQQIDAZPcmVnb24xETAPBgNVBAcMCFBvcnRsYW5kMRMwEQYDVQQKDApGdXR1cmV2ZXJhMQwwCgYDVQQLDANUaG0xHzAdBgNVBAMMFnN1cHBvcnQuZnV0dXJldmVyYS50aG0wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCam2TIcJoT0V4OyJPrAtr3JW%2FH14xrPxSQHe3JjxqwSH1HcQh13NdJRyZl%2FhFoNpKJQIur%2B2EPN32SSHoAI0Fy7x%2BcJxNMjeRl5TDFsU5af%2BTf7Pzi8xnF0c82OOC0RDOE8sVhP2OFMx95rS283KxVwjpCGHBzkHsvIVLDjIvhs3b0Xfnscao%2BH9PProJSNkMBZc5ZRJ6MYtHm74MPdVdmbWuyIeNkaK%2BslQ73xKZhRxlYlUhULhzxursi4qgJS5SpDQdc4fVFd3VFa9TJ0VUBWUsXupibA3DFTmkoGSyDQRjEwBcOoWcfqF6VWA%2BBJL%2Ff%2FOKrP1THuAuQvCHwa7YrAgMBAAGjXDBaMAsGA1UdDwQEAwIEMDATBgNVHSUEDDAKBggrBgEFBQcDATA2BgNVHREELzAtgitzZWNyZXRoZWxwZGVzazkzNDc1Mi5zdXBwb3J0LmZ1dHVyZXZlcmEudGhtMA0GCSqGSIb3DQEBCwUAA4IBAQCTUYQLIjsHa42CQDgkqOjmMxlbw%2BYE3lBfhfzs3kDLTLX0xdq1%2BJqNwMVU10PSxSqEG58toZVumHP1y72n3glXUE5EEpjEOqDfWe6V7Qnzr8rRp1ceofLx3tXGNg7UGCl0wtMv2SQhJfYbGFY%2B%2FnWVv3%2BPxRUaHYDyKNqR9zkhpKYtfco9VHVHYiAbo4VZwLNM6kuyxKXqDSPrlZQ%2BlrwYDPVFoIygjInvGv1XqrHJaxzNZflaDMc0%2BwBc0SMOD3YHuTnlbI0hqEgr2dT7IcNQeEGrUL7H5thgGwbucRuXIXyqz1HUprNBHcT1TOoUlF4OYm9VnHzvAX8BcfxY8N5y
DNS Name
secrethelpdesk934752.support.futurevera.thm
┌──(kali㉿kali)-[~/Downloads]
└─$ tail /etc/hosts
10.10.167.117 dev.team.thm
10.10.29.100 set.windcorp.thm
10.10.20.190 Osiris.windcorp.thm Osiris osiris.windcorp.thm
10.10.37.31 UNATCO
10.10.73.143 jack.thm
#127.0.0.1 newcms.mofo.pwn
10.200.108.33 holo.live
10.200.108.33 www.holo.live admin.holo.live dev.holo.live
10.10.146.26 severnaya-station.com
10.10.211.130 futurevera.thm blog.futurevera.thm support.futurevera.thm secrethelpdesk934752.support.futurevera.thm
going to https://secrethelpdesk934752.support.futurevera.thm
http://flag{beea0d6edfcee06a59b83fb50ae81b2f}.s3-website-us-west-3.amazonaws.com/
YmFuZ2Jyb3MuY29t
14fufbyfgpqwuzdmv15:51jbyjkuht61
bXlwaWNrdXBnaXJscy5jb20= jonfuxon:sterco20This is an enumeration challenge, once you will find it, it will straight up give you the flag.
flag{beea0d6edfcee06a59b83fb50ae81b2f}
[[Boiler CTF]]
