Practice using tools such as Nmap and GoBuster to locate a hidden directory to get initial access to a vulnerable machine. Then escalate your privileges through a vulnerable cronjob.

This is a easy rated box and I did it, but I can’t be bothered with writing it up. Here’s why….

What’s the matter, sooky?

Well, this is a basic-ish CTF and it’s 100% ‘CTF’ in the sense that it’s got a few hidden directories, some stego and flags hidden behind ‘unusual’ encodings, like a GOST hash and Base62. So apart from figuring out what’s what, there’s nothing novel or particularly interesting here. It’s nmap, gobuster, mucking about with encodings and logging in with SSH, and then you’re served up root on a platter with a cronjob. I didn’t learn anything from it and I don’t have anything much to say about it.

Flag 2 and GOST

Oh, and by the way you pretty much have to decode the GOST hash and Flag 2 at this website. Yay.