This room is aimed for beginner level hackers but anyone can try to hack this box. There are two main intended ways to root the box. If you find more dm me in discord at Fsociety2006.
Looks like we have and FTP, SSH and HTTP server running on this box. Well we GOTTA test for anonymous FTP access... which it has! We download the file there "note_to_jake.txt" and cat that out.
Looks like Jake has a weak password. Let's also take a peek at the site. It's a full page image that resizes with the browser. Looking at the source code of the site, it hints at steganography.
Gobuster doesn't have anything. Let's try bruteforce on the SSH server while we look up this steganography thing.
actually... that was fast! Looking around we can get into holt's user profile from here and get the user flag.
The user flag is ee11cbb19052e40b07aac0ca060c23ee
K, let's get upgraded. We do a quick sudo -l to see if Jake can run anything as sudo. It looks like he can run less - let's visit gtfobins and find out how to exploit that
We run the commands above to get into root and pop the root flag.
The root flag is 63a9f0ea7bb98050796b649e85481845
The Steganography way
If you wanted to play you can download the brooklyn99.jpg from the site and use
steghide extract -sf brooklyn99.jpgNow it wants a passcode so let's do something else. Using this tool (https://github.com/RickdeJager/stegseek) you can download a passcode cracker and steg extractor all in one. Simply install and run with a wordlist and you'll get holts info.
Ones you're in as hold you can see he has access to run nano as sudo and then we just do the same thing we did above with gtfobins but this time with nano
