Hackathon CTF 2 walkthrough

Mridul Bhardwaj
Jun 24, 2021

Description: This is a basic-level BootToRoot machine for beginners. There are two flags.

Download here: www.vulnhub.com/entry/hackathonctf-2,714/

File Information

  • Filename: Hackathon2.zip
  • File size: 2.6 GB
  • MD5: 74A8C09292AA07DBE1CB9F3ADD2C99FE
  • SHA1: ABA71A136695AE061F1F4976B984DAA9FC4B5986

Tools used: nmap, gobuster, hydra

OS: Windows for VMware, Kali Linux

Screenshots

Scanning

nmap -A -v 192.168.29.109

Anonymous FTP login allowed

Downloaded both files, i.e. flag1.txt and word.dir

Got the first flag

flag1.txt

The second file (word.dir) looks like a wordlist of directories: its extension is .dir, yet it opens as a plain text file, which makes it suspicious.

word.dir

I also checked the page source code for something useful but found nothing.

index page source-code

Now let's brute force the directories of the machine using gobuster

found a page /happy

After opening the page 192.168.29.109/happy, it says nothing is here

Let's check its source code

found a user: hackathonll

As only FTP is open, we can try brute forcing FTP using the username found above together with the same wordlist, i.e. word.dir.

found credentials hackathonll:Ti@gO

Logging in with the above found credentials

got an initial level of access (non-root)

Now we have to escalate our privileges to root

After some exploration I found a file, .bash_history, which contains the command sudo -l. I ran it and found that vim can be run with sudo without the need to enter the root password.

So I misused vim's intended functionality to gain root access

I ran the command sudo vim -c '!sh'

This gave me a root shell without entering the password
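
From the defender's side, a sudo rule like the one used above can be caught by auditing `sudo -l` output for programs that have a built-in shell escape. The following is an added example, not part of the original walkthrough; the program list, the sample listing and the function name `audit_sudo_listing` are assumptions made for the illustration.

```python
import re

# Programs with a built-in shell escape (e.g. vim's `:!sh`). Illustrative
# subset chosen for this example, not an exhaustive list.
SHELL_ESCAPE = {"vim", "vi", "view", "nano", "less", "more", "man", "ed", "awk", "find"}

# Constructed sample of `sudo -l` output; the host name "ctf" and the second
# and third rules are made up for the demonstration.
SAMPLE = """\
Matching Defaults entries for hackathonll on ctf:
    env_reset, mail_badpass

User hackathonll may run the following commands on ctf:
    (root) NOPASSWD: /usr/bin/vim
    (root) /usr/sbin/reboot
    (ALL : ALL) NOEXEC: /usr/bin/less /var/log/syslog
"""

# "(runas) TAG: TAG: cmd, cmd" as printed by `sudo -l`.
RULE = re.compile(r"^\s*\((?P<runas>[^)]*)\)\s*(?P<tags>(?:[A-Z_]+:\s*)*)(?P<cmds>.+)$")

def audit_sudo_listing(text):
    """Return (severity, runas, command, passwordless) for risky rules."""
    findings = []
    for line in text.splitlines():
        m = RULE.match(line)
        if not m:
            continue  # header, Defaults or blank line
        tags = set(re.findall(r"[A-Z_]+", m.group("tags")))
        passwordless = "NOPASSWD" in tags
        for cmd in (c.strip() for c in m.group("cmds").split(",")):
            if not cmd:
                continue
            name = cmd.split()[0].rsplit("/", 1)[-1]
            if name not in SHELL_ESCAPE:
                continue
            if "NOEXEC" in tags:
                # NOEXEC stops the `!sh` escape, but the program still runs
                # as root and can open (an editor: overwrite) other files.
                severity = "review"
            else:
                severity = "high"  # shell escape yields a root shell
            findings.append((severity, m.group("runas"), cmd, passwordless))
    return findings

if __name__ == "__main__":
    for finding in audit_sudo_listing(SAMPLE):
        print(finding)
```

Where a user genuinely needs to edit a root-owned file, sudoedit (sudo -e) runs the editor as the invoking user rather than as root, so the rule does not hand out a root shell.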

Inside the root/ directory I found flag2.txt

Woah! We found the last flag

Opening flag2.txt to read the last flag


Mridul Bhardwaj

CEH v10 | CCNA v7 | OSCP aspirant | System and Network Penetration Tester