3/25/2023

Hacked wheely 9

Today we are going to take another CTF challenge known as RickdiculouslyEasy by Luke. It is a very simple Rick and Morty themed boot to root. We have to get a total of 130 points by collecting different flags (each flag has its points recorded with it), and we also have to get root. If anyone is new to pentesting, it is worth a try!

Security Level: Beginner

Penetration Methodology

After loading up the VM, our first step was to find out the target’s IP address. We found our target’s IP address to be 192.168.1.101; the next step was to scan the target’s IP with nmap.

The scan result showed the open ports. We found our first flag returned as a banner for the service running on port 13337; moreover, anonymous FTP login was allowed on port 21, holding another flag.txt file.

From the nmap scan, we knew that anonymous FTP login is available. So, we logged in with the username ‘anonymous’ and a blank password.

ftp 192.168.1.101

While working on the FTP console, ls displayed that it had ‘FLAG.txt’, and a get command downloaded FLAG.txt over FTP to the Kali box. We found our second flag inside FLAG.txt.

From the nmap result we found that an HTTP service is also running on port 80. So, we browsed the target’s IP in the browser, but in vain. Next, we listed directories using dirb; it showed us two important directories, ‘/passwords/’ and ‘/robots.txt’.

Viewing the ‘/passwords/’ directory displayed ‘FLAG.txt’ and ‘password.html’. We found our third flag here; so far it was a cakewalk.

Browsing ‘/passwords/password.html’ pointed to a hidden password. Why not go for the source code! And the instinct was right: we have a password here, “winter”, which we can use somewhere later.

Next, we opened ‘/robots.txt’ and found links to two files, ‘/cgi-bin/root_shell.cgi’ and ‘/cgi-bin/tracertool.cgi’. Only ‘/cgi-bin/tracertool.cgi’ was found to be useful; browsing this, I found that one could get away with command injection, or say RCE.
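The command injection noted in ‘/cgi-bin/tracertool.cgi’ is the kind of flaw a traceroute web form has when it pastes the form field into a shell string. The sketch below is an added example, not code from the VM or the original post: it assumes that risky pattern (the page does not show the CGI's source) and puts it beside a hardened handler that validates the target and builds an argument vector no shell ever parses. All function names and sample inputs are constructed for illustration.

```python
import ipaddress
import re

# One DNS label: letters, digits, inner hyphens. It cannot start with "-"
# (option injection) and cannot contain spaces or shell metacharacters.
_LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
_HOSTNAME = re.compile(rf"(?:{_LABEL}\.)*{_LABEL}")


def naive_command(target: str) -> str:
    """Risky pattern (assumed): form input concatenated into a shell string."""
    return "traceroute " + target


def validated_target(target: str) -> str:
    """Return target if it is an IP literal or plain hostname, else raise."""
    target = target.strip()
    try:
        return str(ipaddress.ip_address(target))
    except ValueError:
        pass
    if len(target) <= 253 and _HOSTNAME.fullmatch(target):
        return target
    raise ValueError("target is not an IP address or hostname")


def safe_argv(target: str) -> list:
    """Argument vector for subprocess.run(argv); no shell parses the input."""
    return ["traceroute", validated_target(target)]


def audit(samples):
    """Map each sample to its argv, or None when validation rejects it."""
    results = {}
    for sample in samples:
        try:
            results[sample] = safe_argv(sample)
        except ValueError:
            results[sample] = None
    return results


# Constructed sample inputs for the form field.
SAMPLES = ["192.168.1.101", "example.com", "192.168.1.101; echo constructed", "-h"]

if __name__ == "__main__":
    for sample, argv in audit(SAMPLES).items():
        print(repr(sample), "->", argv if argv else "rejected")
```

The handler would pass the returned list to `subprocess.run` with the default `shell=False`, so even a value that slipped past validation would reach traceroute as a single argument.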