Sat. Oct 24th, 2020

Pentesting Fun Stuff

following the cyber security path…

Irked

As always I start with a port scan to get a list of open ports and running services:

Some information about the running webserver:

The browser can’t load the website, but cURL gives some information:

There is a old backdoor exploit for UnrealIRC which can be exploited by metasploit.

And it works…..now to take a look around.

So I did some enumeration and got not very much.
After a while I looked back at what I found and banged my head a few times against the wall for being so blind.
The hint was there for the taking……
The .backup file had some content:

The mentioning about steg did me believe it had to do with steganography….but what file. Nothing I found on the system looked like it would work.
But one file did…….I missed it and feel so dumb. The picture on the main page!!!!!

Got user now for root.

This is a nice enumeration tool to use for a quick scan of the system.
After a long look at the report I noticed a file that normally isn’t there.

Running /usr/bin/viewuser show the following message:

It is looking for /tmp/listusers but can’t find it. Let’s help it.

As can be seen the /root folder is set to permission 700.

Looks like the permission on the /root folder has changed to the better.

And there we have it. Can’t say I really like this machine and the challenge it presented.
It is more a CTF kinda machine then the regular HTB machines and for something like OSCP training I wouldn’t recommend it.
But it does show that enumeration is key.
 
 

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.