-->
Bayu_Ajie
Bayu_Ajie knowledge is free you can learn anything

CTF MONEYBOX: 1Write Up

   

CTF MONEYBOX: 1Write Up

MONEYBOX: 1Write Up

Virtual Machine       : MONEYBOX: 1

Source                        : Vulnhub

Author VM                : https://www.vulnhub.com/author/kirthik_t,782/

Link VM                    : https://www.vulnhub.com/entry/moneybox-1,653/

Goal                            : 3 Flag



1.     Scanning Target




Important points of scanning results:

·         List Port


There are several ports found:


o   Port 80 HTTP


or Port 21 FTP


o   Port 22 SSH


·         Scanning Port


After the open port is obtained, the next step is to access the port, in order to get any information that can be taken to get the flag


o Port 21


            The ftp port or port 21 here looks for security holes from the ftp version by trying to embed a backdor.


 Backdor planting is not allowed because the ftp on this server only allows anonymous access.

 



the ftp contains an image. because there is no other information then look for another port. try port 80



 

Port 80 or http port displays information in such a way, try to do an inspect element, in order to find out whether there is information hidden or not.


 


 

Yup, it turns out that there is a hidden clue, let's try to access it


The next clue is extracting data?? because the data found is an image on the ftp port earlier, then use steganography, which is the art of hiding information. https://www.yeahhub.com/top-steganography-tools-ctf-challenges/

Here trying to use steghide because what was found was an image and had to do the image extraction process.


  And sure enough, data.txt was found hmm


 The next clue is renu, maybe the username for the ssh port, because the ftp port is only for anonymous, then look for the password for ssh access here using the bruteforce password obtained from rockyuou.txt


 

Flag 1 obtained

Trying to find the 2nd flag


The second flag is obtained, it turns out that on the server there are 2 users who use 1 lily, 2 renu, because flag 1 is obtained from renu, it is most likely that flag 2 is on lily.


To enter into user lily there is an ssh directory which is a key to login to user lily, then try to find flag 3, the flag is not found on user lily then the most likely flag 3 is on root, therefore trying to find a way to get root access with sudo -l ,and perl can be the way.


 

https://www.hackingarticles.in/linux-for-pentester-perl-privilege-escalation/

https://jieliau.medium.com/privilege-escalation-on-linux-platform-8b3fbd0b1dd4


And even though, the flag was obtained, thank you


 

 

Keyword Search 

  • Moneybox Ctf
  • Ctf Tricks
  • Writeup Ctf
  • Hacking Tricks

 

Bayu_Ajie
Bayu_Ajie  knowledge is free you can learn anything
« Newest
Newer Posts
Oldest »
Older Posts

Comments