boot2root machine for FIT and bsides guatemala CTF
This is Anonforce from THM. Like Dav and Library, it’s ranked easy. This box took me about 12 minutes.
FTP and SSH only, on the standard ports.
We’ve got anonymous login so let’s use it; we get the root of the server! We’ve got one user (melodias), and we can get user.txt.
One unusual directory stands out: /notread. What’s inside?
These are PGP files. We need to crack the password for the asc file:
Once we’ve done that, we can decrypt the file with import and decrypt:
So the backup file was a backup of the shadow file. We have two hashes; one for melodias, and one for root.
The root password is weak, and we can crack the hash and SSH in as root: