During last weekend I found
few '
new' (for me)
CTFs on
Vulnhub. After last two I decided to try another one ;] This time I tried the game called "in.security". Here we go...
Link to VM you will find (thanks to the
VulnHub! ) -
here.
We can start from the scan (
nmap):
Ok, nice... With a portlist like that I decided to check all of those ports more carefully. Nmap presented some results from opened ports:
Not much. Anyway... When I saw
mountd I decided that it will be a good moment to finally install
showmount on my Kali snapshot ;) So:
Checking:
Oh, hi Peter ;] Can we check your place? ;]
Yes we can:
Ok, checking target host with
rpcinfo:
I tried to mount peter's /home to write, but with no luck this time...
At this time I decided that maybe it will be a good idea to read some description/info about the machine I'm playing...
So ;] Let's start from the (real) 'beginning' ;D
Good, we are in. Let's check what's available:
When you will read the list of tools available via sudo, getting root should take some about one minute ;) I used vi to do that (but if you're not familiar with the topic,
g0tmi1k as well as
netbiosX already prepared a great lists of tricks to use):
Checking shadow (just in case ;P)
Checking:
Ok, one more thing Susan:
...and checking
su for the secret root ;)
That's all ;]
Big thanks for
in.security for preparing the game! :)
Also big thanks goes to
VulnHub for sharing all those games.
Cheers
o/
Brak komentarzy:
Prześlij komentarz