Hackathon CTF 2 walkthrough
Description:This is a basic level BootToRoot machine for beginners. There are two flags
download here: www.vulnhub.com/entry/hackathonctf-2,714/
File Information
- Filename: Hackathon2.zip
- File size: 2.6 GB
- MD5: 74A8C09292AA07DBE1CB9F3ADD2C99FE
- SHA1: ABA71A136695AE061F1F4976B984DAA9FC4B5986
Tools used:nmap, gobuster, hydra
OS: Windows for Vmware, Kali Linux
Screenshots
Scanning
Anonymous FTP login allowed
Got the first flag
Second file (word.dir) looks like wordlist of directories because its extension is .dir as it is opening as text file which makes it suspicious
Also checking the source code to find something useful but not found anything
Now lets brute force the directory of the machine using gobuster
After opening the page 192.168.29.109/happy, it says nothing is here
Lets check its source code
As only FTP is open, so we can try brute forcing the FTP using the above username found and with the same wordlist i.e. word.dir.
Logging in with the above found credentials
Now we have to escalate our privileges to root
after some exploration I found a file .bash_history which contains command sudo -l, I ran it and found the vim can be run as sudo without the need to enter the root password.
So I misused the vim’s intended functionality to gain root access
I ran a command i.e. sudo vim -c ‘!sh’
Inside the root/ directory I found flag2.txt
Woah! we found out last flag