Thursday, 28 March 2019

FourAndSix:2 CTF

The last CTF I tried from the series prepared by Fred Wemeijer was "4n6 - part 1". This time we will check the 2nd VM - FourAndSix:2. Here we go...
We will start here:


Cool, OpenBSD again. Let's check for open ports:


Checking whether the same bug as before is present:


Unfortunately no. But I found a backup.7z file. Checking:


Great, so I used a bash command to (try to) extract the content of the archive:
$ while IFS= read -r pw; do 7z x -y -p"$pw" backup.7z && break; done < /path/to/rockyou.txt

... you should be somewhere here:


Still nope. Checking with another file from /usr/share/wordlists:


Now we are here:


Great, there are new files:


Checking:

Checking:

Hm... did I miss something...?

Again:


Great, we're in!

After some basic enumeration I tried to locate possible SUID files (saved to /tmp/filename):

$ whatis doas:

Checking hints from Google:


More hints from the GitHub source code:


So:

Ok. After a while I got an idea of what should be done here...

Checking:

Nope. Next I decided to use the less command mentioned with the authlog file (then press 'v' to go to visual mode). As you can see, there is some difference ;]


To escape from less-mode I started (in less) /usr/bin/vi. Then I used it to run sh and grab the final flag:
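
From the defender's side, the less to vi to sh chain above is possible whenever a doas rule lets a user run a pager or editor as another user. The following is an added example, not part of the original write-up and not the VM's configuration: it audits doas.conf rules for that pattern. The `ESCAPABLE` set and the sample rules are constructed assumptions.

```python
import shlex

# Assumption: hand-picked programs with a built-in editor or shell escape.
ESCAPABLE = {"less", "more", "vi", "vim", "ed", "man"}
FLAGS = {"nopass", "nolog", "persist", "keepenv"}

def parse_rule(line):
    """Parse 'permit|deny [options] identity [as target] [cmd command [args ...]]'."""
    tok = shlex.split(line, comments=True)
    if not tok or tok[0] not in ("permit", "deny"):
        return None
    rule = {"action": tok[0], "target": None, "cmd": None, "args": None}
    i = 1
    while i < len(tok) and (tok[i] in FLAGS or tok[i] == "setenv"):
        if tok[i] == "setenv":  # skip the "{ NAME=value ... }" block
            i = next(j for j in range(i, len(tok)) if tok[j].endswith("}"))
        i += 1
    rule["identity"], rest = tok[i], tok[i + 1:]
    if rest[:1] == ["as"]:
        rule["target"], rest = rest[1], rest[2:]
    if rest[:1] == ["cmd"]:
        rule["cmd"], rest = rest[1], rest[2:]
        if rest[:1] == ["args"]:
            rule["args"] = rest[1:]  # [] means "no arguments allowed"
    return rule

def audit(conf_text):
    """Return (line_number, reason) for permit rules that can yield a shell."""
    findings = []
    for n, line in enumerate(conf_text.splitlines(), 1):
        rule = parse_rule(line)
        if rule and rule["action"] == "permit":
            if rule["cmd"] is None:
                findings.append((n, "any command allowed"))
            elif rule["cmd"].rsplit("/", 1)[-1] in ESCAPABLE:
                # Pinning args does not help: the escape happens inside the program.
                findings.append((n, "interactive escape via " + rule["cmd"]))
    return findings

# Constructed sample, not the configuration from the VM in this write-up.
SAMPLE = """\
permit nopass keepenv alice as root cmd /usr/bin/less args /var/log/authlog
permit nopass bob as root cmd /usr/sbin/rcctl args restart httpd
permit persist :wheel
deny carol cmd /usr/bin/vi
"""

if __name__ == "__main__":
    print(audit(SAMPLE))
```

A rule flagged this way is better replaced by a non-interactive command (for example `cat` on the same file), since restricting the arguments of `less` does not remove its `v` command.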


Very cool CTF. It was nice to play it (as well as part 1) :)

Big thanks go to Fred Wemeijer for preparing those VMs.
Big thanks also go to the VulnHub Team for sharing all of those games.

See you next time!

Cheers



