Tuesday, 17 July 2018

in.security - CTF

Over the last weekend I found a few 'new' (for me) CTFs on VulnHub. After the last two I decided to try another one ;] This time I tried the game called "in.security". Here we go...

You will find the link to the VM (thanks to VulnHub!) - here.

We can start with a scan (nmap):

Ok, nice... With a port list like that I decided to check all of those ports more carefully. Nmap presented some results from the open ports:

Not much. Anyway... When I saw mountd I decided that it would be a good moment to finally install showmount on my Kali snapshot ;) So:

Oh, hi Peter ;] Can we check your place? ;]

Yes we can:

Ok, checking target host with rpcinfo:

I tried to mount Peter's /home for writing, but with no luck this time...

At this point I decided that maybe it would be a good idea to read some description/info about the machine I'm playing with...

So ;] Let's start from the (real) 'beginning' ;D

Good, we are in. Let's check what's available:

Once you read the list of tools available via sudo, getting root should take about one minute ;) I used vi to do that (but if you're not familiar with the topic, g0tmi1k as well as netbiosX have already prepared great lists of tricks to use):

Checking shadow (just in case ;P)


Ok, one more thing Susan:

...and checking su for the secret root ;)

That's all ;]

Big thanks to in.security for preparing the game! :)
Also, big thanks go to VulnHub for sharing all those games.
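
Seen from the defender's side, the sudo step above (a user allowed to run vi through sudo) is something you can audit for. The following is an added example, not part of the original post: it parses `sudo -l` output and flags unrestricted entries and interactive programs granted without the sudoers `NOEXEC` tag. The sample output and the `INTERACTIVE` policy list are constructed for illustration.

```python
import os
import re

# Constructed `sudo -l` output for illustration; not taken from the VM.
SAMPLE = """\
Matching Defaults entries for user on host:
    env_reset, mail_badpass

User user may run the following commands on host:
    (root) NOPASSWD: /usr/bin/vi, /usr/bin/rsync
    (root) NOEXEC: /usr/bin/less
    (root) sudoedit /etc/hosts
    (ALL : ALL) ALL
"""

# Assumed policy list: programs that can launch other commands (vi: from the post).
INTERACTIVE = {"vi", "vim", "less", "more"}

ENTRY = re.compile(r"^\s+\((?P<runas>[^)]*)\)\s*(?P<rest>.+)$")
TAG = re.compile(r"^([A-Z_]+):\s*")

def parse_entries(text):
    """Yield (runas, tags, command) for each command sudo -l lists."""
    for line in text.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue
        rest, tags = m.group("rest"), set()
        while (t := TAG.match(rest)):  # strip leading tags such as NOPASSWD:
            tags.add(t.group(1))
            rest = rest[t.end():]
        for cmd in filter(None, map(str.strip, rest.split(","))):
            yield m.group("runas").strip(), frozenset(tags), cmd

def audit(text):
    """Return (command, finding) pairs that deserve review."""
    findings = []
    for runas, tags, cmd in parse_entries(text):
        name = os.path.basename(cmd.split()[0])
        if cmd == "ALL":
            findings.append((cmd, f"unrestricted as ({runas})"))
        elif name in INTERACTIVE and "NOEXEC" not in tags:
            fix = "use sudoedit for file edits, or tag NOEXEC"
            if "NOPASSWD" in tags:
                fix += "; drop NOPASSWD"
            findings.append((cmd, f"interactive program as ({runas}): {fix}"))
    return findings

for cmd, why in audit(SAMPLE):
    print(f"{cmd}: {why}")
```

Feed it the real output of `sudo -l -U <user>` for each account and extend `INTERACTIVE` to match your own policy.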


