CTF Writeups
HackTheBox and lab walkthroughs with practical exploitation steps.
Focused writeups from boxes and labs I solved, including enumeration flow, exploit path, and privilege escalation notes.
Sunday
Pwned box Sunday, learnt to do username enumeration for the finger service and crack a hash with john.
Networked
Learnt to upload a content type payload with the extension .png.
Blocky
Set up JD-GUI for decompiling Java code, checked the .class object, got credentials and then got access with sudo -l; priv esc was easy, it was just sudo -l followed by sudo su.
Netmon
Normal access through rci exploit and config file investigation.
Solidstate
Accessed James server, got ssh login details, logged in as mindy on ssh, escaped rbash shell by using a James server exploit which gave us a bash shell, enumerated using linpeas, further enumerated with …
Silo
odat, volatility, nishang shell, nmap script for ssid bruteforce.
Sense
Started box Sense, used a vulnerability on the pfSense router to allow code injection with Burp Suite, got a stable reverse shell with a python script and got the flags and learnt how to work around bad …
Optimum
Pwned the box with an exploit, used simple http server mainly to host the files for download and done with metasploit.
Nibbles
On visiting the content page, we are greeted with this
Devel
Uploaded reverse shell.aspx on ftp and exploited with metasploit + msfvenom + w/o metasploit (local exploit sugg. setup inc).
Cronos
Learnt to perform dns enumeration, learnt how to use sql injection payloads, used linpeas to find a cron job running, ran a php rev shell through the cron job and pwned box CronOS.
Brainfuck
Let's get a list of vulnerabilities as well by giving the apikey using the api switch --api-token [apikey]
Bounty
Modified web.config file that allows the upload of aspx files to upload an aspx reverse shell payload but shell is not stable.
Bastard
Exploited site made using Drupal, used an exploit that allowed remote code exec, got in and then did priv esc with ms10-59 Chimichurri exploit.
Arctic
Used a local exploit, certutil and hashcat done w/o ms.
Nineveh
Intended user path via port knocking left, http://linenum.sh, chkrootkit vuln, cron job, process script, burp, binwalk.
Jerry
Not able to load up the homepage or connect to the machine for some reason, leaving this for later.
Granny
Did w/o metasploit, learnt how to use dataset, how to upload files to server using curl, looked at system info, found a suitable local exploit, also learnt how to send files from host to write on target's disk …