Your machine can be found here:
After my (nmap) scan there was only one TCP port open:
As you can see at the background I visited the page and there was some kind of a 'default Tomcat' webpage... So (obviously;]) I tried to 'enumerate' admin/manager's panel ;)
After a while (in other console window) I saw some weird results from gobuster:
I decided to stop all 'web scans' and check how can I access /manager/ link... I tried rockyou.txt as well as few other wordlists and in the meantime I decided to change a bit my 'webapp scanning criteria' and (stilll using gobuster) I added 'extension parameter', like this:
That's how I found new link to try. Checking:
Uh. ;] Let's try some 'ls', let's say... null-command?
Cool. ;] Next:
Ok, let's try this 'ls' at last ;]
This was not the 'result' I was looking for... Any hints?
I tried to download 'some file' (read: my meterpreter) as you can see below but it was still with size 0:
I wasn't sure what's the problem. I tried some ps and some other linux-commands to enumerate the OS a little bit more. I also tried to get some 'reverse shell' of course ;] one of the command I used was ssh (CLI client from OpenSSH). And...
What can we do with the hint like that? Maybe some 'Master Development'? ;]
Sure - but I still can not connect to my next system... ;] So I was (again) wondering what's going on...
After a while I knew it! "Let's flush the firewall!" Great idea, so I used: iptables -F (with my ssh chain command) and...
... that's how I needed to restore the whole machine because VM was unable to response. ;]
So - reset. And we are back again, here:
And we are inside the shell of our friend from /home directory (you will find it during your enum).
I decided to check if sudo is still working (with the same behaviour) inside this shell:
Big thanks goes to the author for preparing Depth 1 CTF.
Also big thanks to VulnHub Team for sharing.
See you next time. ;)