You talked a big game about being the most elite hacker in the solar system. Prove it and claim your right to the status of Elite Bounty Hacker!
You were boasting on and on about your elite hacker skills in the bar and a few Bounty Hunters decided they'd take you up on claims! Prove your status is more than just a few glasses at the bar. I sense bell peppers & beef in your future!
Deploying the machine was easy so there's the first question down ;) - let's enumerate, as always, with an nmap scan.
Looks like 3 open ports: FTP, SSH and an Apache web server.
Since we don't have any credentials, the only thing we can do is hit that website. Looks like it takes us to a Cowboy Bebop site with some of the speech we heard in the room introduction.
Ran dirb and gobuster but found nothing, just an images folder with the header graphic. The hint asks us to check FTP and look at that... it allows anonymous usage.
Let's download both of the files we see in there and check 'em out.
The answer is lin
Using Hydra, we can take that username and the locks file and figure out the password for ssh.
The answer is ssh
The next answer is RedDr4gonSynd1cat3
We then SSH into the system with the credentials and pop the user flag.
The answer is THM{CR1M3_SyNd1C4T3}
Let's see what we can sudo.
Okay, so tar... let's go find out what we can do with that from GTFOBins.
sudo tar -cf /dev/null /dev/null --checkpoint=1 --checkpoint-action=exec=/bin/sh
We move into /root and cat the file there to get the last flag.
The answer is THM{80UN7Y_h4cK3r}
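For the defensive side of the sudo finding above, here is an added example (not part of the original write-up) that scans `sudo -l` output for rules granting binaries that GTFOBins documents as shell-capable. The sample listing, host name and binary paths are constructed, and the binary set is a short illustrative subset.

```python
import re

# Short illustrative subset of binaries GTFOBins lists as shell-capable under sudo.
SHELL_CAPABLE = {"tar", "vim", "find", "less", "awk", "man", "env"}

# Matches rule lines printed by `sudo -l`, e.g. "(root) NOPASSWD: /bin/tar".
RULE = re.compile(r"^\s*\((?P<runas>[^)]*)\)\s*(?P<tags>(?:[A-Z]+:\s*)*)(?P<cmds>.+)$")

def audit_sudo_listing(text):
    """Return (runas, path, nopasswd, reason) for each risky command in the listing."""
    findings = []
    for line in text.splitlines():
        m = RULE.match(line)
        if not m:
            continue  # header or Defaults line, not a rule
        nopasswd = "NOPASSWD:" in m.group("tags")
        # Simplification: assumes no escaped commas inside command arguments.
        for cmd in m.group("cmds").split(","):
            parts = cmd.split()
            if not parts:
                continue
            path, name = parts[0], parts[0].rsplit("/", 1)[-1]
            if path == "ALL":
                reason = "unrestricted command set"
            elif name in SHELL_CAPABLE and len(parts) == 1:
                reason = "shell-capable binary, caller controls all arguments"
            elif name in SHELL_CAPABLE:
                reason = "shell-capable binary with fixed arguments, review interactive escapes"
            else:
                continue
            findings.append((m.group("runas"), path, nopasswd, reason))
    return findings

# Constructed sample of `sudo -l` output (host name and paths are made up).
SAMPLE = """\
Matching Defaults entries for lin on examplehost:
    env_reset, mail_badpass

User lin may run the following commands on examplehost:
    (root) /bin/tar
    (root) NOPASSWD: /usr/bin/systemctl status nginx, /usr/bin/less /var/log/syslog
"""

if __name__ == "__main__":
    for runas, path, nopasswd, reason in audit_sudo_listing(SAMPLE):
        print(f"{path} as {runas} (NOPASSWD={nopasswd}): {reason}")
```

Rules flagged this way are better replaced with a narrowly scoped wrapper script, since sudoers argument restrictions do not disable a binary's own escape features.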