During last weekend I found few 'new' (for me) CTFs on Vulnhub. After last two I decided to try another one ;] This time I tried the game called "in.security". Here we go...
Link to VM you will find (thanks to the VulnHub! ) - here.
We can start from the scan (nmap):
Ok, nice... With a portlist like that I decided to check all of those ports more carefully. Nmap presented some results from opened ports:
Not much. Anyway... When I saw mountd I decided that it will be a good moment to finally install showmount on my Kali snapshot ;) So:
Checking:
Oh, hi Peter ;] Can we check your place? ;]
Yes we can:
Ok, checking target host with rpcinfo:
I tried to mount peter's /home to write, but with no luck this time...
At this time I decided that maybe it will be a good idea to read some description/info about the machine I'm playing...
So ;] Let's start from the (real) 'beginning' ;D
Good, we are in. Let's check what's available:
When you will read the list of tools available via sudo, getting root should take some about one minute ;) I used vi to do that (but if you're not familiar with the topic, g0tmi1k as well as netbiosX already prepared a great lists of tricks to use):
Checking shadow (just in case ;P)
Checking:
Ok, one more thing Susan:
...and checking su for the secret root ;)
That's all ;]
Big thanks for in.security for preparing the game! :)
Also big thanks goes to VulnHub for sharing all those games.
Cheers
o/
Brak komentarzy:
Prześlij komentarz