boot2root machine for FIT and bsides guatemala CTF
This is Library from THM. Like Dav, this one is ranked easy and doesn’t give any hints as to what it’s about. I’ve been away at the beach for a few days hence no hacking. In fact, these were the first days I’ve not done any at all for probably 6 months.
Ports
HTTP and SSH only, on the standard ports.
HTTP
This is where I spent the vast majority of the time on this box. The landing page was a very basic blog but did include a form supposedly for posting a comment. I tried an escalating series of gobusting searches but found nothing useful.
I ran various fuzzing techniques on the POST request with Burp Suite. I captured a request and ran it against sqlmap; nothing.
I downloaded a few images and ran some basic stego checks against them; nothing.
Eventually I ran hydra against SSH:
Privesc
Presumably this was supposed to be the main challenge of this box, but it’s effectively the same as Wonderland.
So, we have a script which we can run as root that imports both os and zipfile. We can create our own version of zipfile.py, make it executable, and ….
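From the defender's side, the weakness described above can be checked for before a Python script is granted sudo rights. The following is an added example, not code from the box or the original post: it lists the script's imports and reports any file beside the script that Python would load in their place. The script name `backup.py` and the temporary directory are constructed for the demo.

```python
import ast
import os
import tempfile

def imported_modules(script_path):
    """Top-level names of absolute imports in the script."""
    with open(script_path) as f:
        tree = ast.parse(f.read())
    names = set()
    for node in ast.walk(tree):
        if isinstance(node, ast.Import):
            names.update(a.name.split(".")[0] for a in node.names)
        elif isinstance(node, ast.ImportFrom) and node.level == 0 and node.module:
            names.add(node.module.split(".")[0])
    return names

def shadowing_files(script_path):
    """Files beside the script that would be imported in place of the real module.

    When Python runs a script, the script's directory is first on sys.path.
    """
    script_dir = os.path.dirname(os.path.abspath(script_path))
    hits = []
    for mod in sorted(imported_modules(script_path)):
        for cand in (mod + ".py", os.path.join(mod, "__init__.py")):
            path = os.path.join(script_dir, cand)
            if os.path.exists(path):
                hits.append(path)
    return hits

def dir_open_to_non_root(path):
    """True if the directory is not root-owned or is group/world-writable."""
    st = os.stat(path)
    return st.st_uid != 0 or bool(st.st_mode & 0o022)

def demo():
    """Constructed sample: a script importing os and zipfile, with a local zipfile.py."""
    d = tempfile.mkdtemp()
    script = os.path.join(d, "backup.py")  # hypothetical script name
    with open(script, "w") as f:
        f.write("import os\nimport zipfile\n")
    with open(os.path.join(d, "zipfile.py"), "w") as f:
        f.write("# placeholder\n")
    return script, shadowing_files(script)

if __name__ == "__main__":
    script, hits = demo()
    print("shadowed imports:", hits)
    print("directory open to non-root:", dir_open_to_non_root(os.path.dirname(script)))
```

A script that must run as root belongs in a root-owned directory that no other user can write to; running it with `python3 -I` (isolated mode) also keeps the script's directory off `sys.path`.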