
47 VM Bob 1.0.1

Walkthru:

A. http://www.hackingarticles.in/hack-the-bob-1-0-1-vm-ctf-challenge/ [webshell, robots.txt, reverse shell, chaining two OS commands with && and ||, hidden content/information, spawning a TTY shell with Python, SSH on a non-default port, searching for .txt files, password in a text file, GPG file whose passphrase is built from the first letter of each line of another file]

B. https://dangwasec.wordpress.com/2018/03/20/ctf-bob-1-0-1-walkthrough/ [Burp]

C. https://hackso.me/bob-1.0.1-walkthrough/ [PGPCrack-NG is a program designed to brute-force symmetrically encrypted PGP files; not useful here]


Notes:
Contents of notes.sh as found on the VM (the misspellings are in the original file):
#!/bin/bash
clear
echo "-= Notes =-"
echo "Harry Potter is my faviorite"
echo "Are you the real me?"
echo "Right, I'm ordering pizza this is going nowhere"
echo "People just don't get me"
echo "Ohhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhh <sea santy here>"
echo "Cucumber"
echo "Rest now your eyes are sleepy"
echo "Are you gonna stop reading this yet?"
echo "Time to fix the server"
echo "Everyone is annoying"
echo "Sticky notes gotta buy em"
At first this makes no sense, but if you take the first letter of each echoed line and join them in order you get a word: 'HARPOCRATES' [from Walkthru B]. Googling it: Harpocrates was the Greek god of silence, secrets, and confidentiality, which hints that it is the passphrase.
====
[from walkthru A]
The following didn't work:
gpg --batch --passphrase HARPOCRATES -d login.txt.gpg
so I tried the following, which prompts for the password, but worked:
gpg --decrypt login.txt.gpg
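Added example, not from the original post or from any of the walkthroughs linked above: a POSIX shell script that recovers the acrostic passphrase from notes.sh (a constructed copy of the script above is embedded so it runs offline) and then decrypts login.txt.gpg with it non-interactively. The file names are the ones the post uses; the function names and the sample plaintext in the self-check are assumptions of this example. Caveat worth knowing: on GnuPG 2.1 and later, --passphrase is ignored in batch mode unless --pinentry-mode loopback is also given, which is a frequent reason a plain "--batch --passphrase" invocation fails or falls back to a prompt; a command copied from a web page that rendered "--" as a single dash will fail too.

```shell
#!/bin/sh
# Added example (not code from the post or the Bob VM): extract the acrostic
# passphrase from notes.sh and use it for unattended gpg decryption.

# Constructed copy of the notes.sh shown above, embedded so this runs offline.
NOTES_SH=$(cat <<'EOF'
#!/bin/bash
clear
echo "-= Notes =-"
echo "Harry Potter is my faviorite"
echo "Are you the real me?"
echo "Right, I'm ordering pizza this is going nowhere"
echo "People just don't get me"
echo "Ohhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhh <sea santy here>"
echo "Cucumber"
echo "Rest now your eyes are sleepy"
echo "Are you gonna stop reading this yet?"
echo "Time to fix the server"
echo "Everyone is annoying"
echo "Sticky notes gotta buy em"
EOF
)

# Print the acrostic: the first character of every echo'd string, letters
# only, upper-cased. The "-= Notes =-" title line yields "-" and is dropped,
# and non-echo lines (shebang, clear) never match the sed pattern.
acrostic() {
  printf '%s\n' "$NOTES_SH" \
    | sed -n 's/^echo "\(.\).*/\1/p' \
    | grep '[A-Za-z]' \
    | tr -d '\n' \
    | tr '[:lower:]' '[:upper:]'
}

# Decrypt a symmetrically encrypted file with a passphrase and no prompt.
# $1 = encrypted file, $2 = passphrase. --pinentry-mode loopback is what
# makes --passphrase usable with GnuPG >= 2.1; without it gpg asks anyway.
gpg_decrypt() {
  gpg --batch --quiet --pinentry-mode loopback --passphrase "$2" --decrypt "$1"
}

# Self-check (runs in a subshell so the throwaway GNUPGHOME does not leak):
# encrypt a constructed plaintext with the recovered passphrase, decrypt it
# again with gpg_decrypt, and print the recovered text. Prints "gpg-missing"
# when no gpg binary is available.
roundtrip_demo() (
  command -v gpg >/dev/null 2>&1 || { echo gpg-missing; return 0; }
  tmp=$(mktemp -d) || return 1
  mkdir -m 700 "$tmp/gnupg"
  GNUPGHOME="$tmp/gnupg"; export GNUPGHOME
  pass=$(acrostic)
  printf 'bob:constructed-password\n' > "$tmp/login.txt"
  gpg --batch --quiet --pinentry-mode loopback --passphrase "$pass" \
      --symmetric --output "$tmp/login.txt.gpg" "$tmp/login.txt" 2>/dev/null
  gpg_decrypt "$tmp/login.txt.gpg" "$pass" 2>/dev/null
  gpgconf --kill gpg-agent 2>/dev/null || true
  rm -rf "$tmp"
)

# Usage against the real file from the VM:
#   gpg_decrypt login.txt.gpg "$(acrostic)"
```

The sed pattern anchors on `echo "` so that only the quoted strings contribute a letter; if a target file uses single quotes or printf, adjust that one pattern rather than the rest of the pipeline.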
