Introduction

This box has no description or explanation. Okey dokey.

This is KIRA: CTF from Vulnhub.

Ports

Well, we always run nmap right? Lol no. This box has autologon enabled! I start it up and it immediately logs on as bassam with the full Ubuntu GUI experience. Who cares what ports are open?

Enumeration

There is a webservice presumably, because there’s stuff in /var/www/html including a directory called /supersecret-for-aziz. This contains a file called bassam-pass.txt, which is useful. The password is Password123!@#.

Privesc

We can run sudo -l and enter our password; turns out we can run find as root. So that’s our privesc done and done; thanks GTFOBins. The final flag was:

THM{root-Is_Better-Than_All-of-THEM-31337}

Presumably this is or was going to be a THM box? What a bizarre experience. I didn’t even need Kali at all. This entire thing, including the (lol) writeup, took 23 mins from boot of the VM.

Looking in /var/www/html there was an upload.php file that was filtering for image extensions, presumably this was supposed to be the foothold. Oh well, maybe next time.