webdrv.root.sx


index  -- links -- chat

  

Index

MrRobot CTF Writeup

Here's my writeup for the MrRobot CTF: First I checked out /robots.txt and found interesting stuff

image

I found the first key and a dictionary that we will use later.

image

Next I found a WPlogin page while fuzzing, I checked it out.

image

I tried naturally admin:admin

image

Then I tried the username elliot because of the MrRobot theme, and it gave me a different error message, so I knew that the username was valid.

image

After this I started cracking the password using the dictionary I found in the first step, and the username elliot.

image

After some time I managed to crack the password and log into the WP admin panel.

image

I go to the themes page and set up a reverse shell in the content.php file.

image

I set up a listener and got a shell.

image

After this I went to the /home/robot directory and found the flag which was not readable, but I found a hash.

image

I cracked the hash and escalated to the user robot, getting the user flag.

image

image

After this I try and escalate to root, searching for useful SUID bins and I found that /usr/local/bin/nmap had the SUID bit set, meaning it executed with elevated privileges.

image

image

After this I got root and the root flag.

image

THM Cheese CTF writeup

Here's my writeup for the THM Cheese CTF: The website lands on a page with some product offerings, there is also a login page. First I started fuzzing.

image

I found out that we can bypass the login page by using a simple SQL injection.

image

While fuzzing I found a page called secret-script.php. It had a =file parameter. LFI was possible.

image

Next I decoded the secret-script.php it was very simple. It had $file GET parameter.

image

image

I then found a messages.html page which pointed to PHP filter chain that led to rce.

image

Now I set up a listener and get a shell

image

Now out of all the files writeable one was the .ssh/authorized_keys, so naturally I injected my public key and got an escalated shell.

image

image

Now we got the user flag!

image

After this I checked SUID binaries. and systemctl services and found out /opt/xxd has root permissions. So I used it to read the root flag

image

THM Wgel CTF writeup

Here's my writeup for the THM Wgel CTF: The website lands on a default apache web server page. First I start with an nmap scan, finding only port 80, and 22.

image

Looking at the site's source code, I find a comment that says "Jessie don't forget to update the website" I tried looking up CVEs for apache 2.4.18, but I couldn't find anything useful. I also tried looking up exploits for apache 2.4.18, but I couldn't find anything useful either. Then after the fuzzing finished I found http://10.113.151.63/sitemap/.ssh/id_rsa which was a private SSH key. Next step was logging into the machine using the private key.

image

After logging in I found the user flag in /home/jessie/Documents/user_flag.txt

image

Next I had to escalate my privileges somehow, so I ran sudo -l, finding that wget could be run as root.

image

Using this to my knowledge, I try and send the root flag to myself using wget and ncat as a listener.

image

Here's where I send the root flag to myself

image

And just like that we got the root flag!

image

Best keygen song(s)

Here are some of my favorite chiptune songs:

tRUE [WebcamMax 4.2.5.0.]

image

BetaMaster - 2006

image

Reloaded Installer #11

image

My current build and setup.

In the past I used to daily drive Linux only and be a privacy schizo Daily driving Gentoo and using SearXNG as my main search engine. But now I have a more balanced approach. I use Windows 10 debloated as my main OS, for games web browsing etc.. and I have a Linux VMs for when I need to do some work that requires Linux. I also use a lot of open source software and I try to be mindful of my privacy, but I'm not as extreme about it as I used to be. My current setup is pretty good for me and I'm happy with it. I have an MSI GX60 laptop that I picked up for a great price. I use Firefox with Ublock Origin and Privacy Badger for everyday tasks, and for some more private tasks I use Whonix. For CTFs I use a Kali VM.

image


robots -- sitemap