CTF BoilCTF

Benjamin

20-02-2023

CTF › TryHackMe

RCE

rustcan

1	rustscan -a 10.10.242.254

Output:

PORT      STATE SERVICE          REASON
21/tcp    open  ftp              syn-ack
80/tcp    open  http             syn-ack
10000/tcp open  snet-sensor-mgmt syn-ack
55007/tcp open  unknown          syn-ack

FTP

1	ftp 10.10.242.254

Let’s download it.

You can decode it: https://www.dcode.fr/rot-13-cipher

Just wanted to see if you find it. Lol. Remember: Enumeration is the key!

Nothing int he ftp.

Robots.txt

http://10.10.242.254/robots.txt

kidding

Port 10000

Change the /etc/hosts

gobuster

1	gobuster dir -u http://10.10.242.254/ -x txt,html,php -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt

1	gobuster dir -u http://10.10.242.254/joomla -x txt,html,php -w /usr/share/wordlists/dirb/common.txt

Get shell

https://www.exploit-db.com/exploits/47204

Enum

inside log.txt
superduperp@$$

Into backup.sh:

superduperp@$$no1knows