Cheran Walkthrough

Start by scanning the host with “nmap -A -T4 -vv”:

We can see that ports 80, 139 and 445 are open. The first port to enumerate is port 80:

Run dirb with the wordlist /usr/share/dirb/wordlists/big.txt:

We have some directories and a robots file to check. The main page and the images directory have nothing interesting, but the users and YouTube pages contain some hidden messages:

The users directory has two files. The first is Rajasimha.html; when we view the page source and scroll down, we can see some weird code. I’ve seen it before: it’s called Brainf@k:

We can decode it with this site here, and the result tells us that Rajasimah is the username we’re going to use to log in to this box:

The YouTube page has some links to check out; one of them has the password:

The video on YouTube tells us that the password is here, so I viewed the page source and started looking for it. I just searched for the word “password” and got a hit:

The password is “k4rur”. Now we have the username and the password; the only service open is SSH, and we’re going to log in from there:

We’re in, and we check whether we can run sudo on this host by running “sudo -l”:

Ok, it’s telling us that to become root we need to run the following command “ /bin/bash”. With a simple search we can see that this is an exploit for the system, and it’s a very simple one:

By running “sudo -u#-1 /bin/bash” we become root and we can change directory to the root folder to CTF:
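A defender-side check for the sudo rule this step relies on, as an added example that is not part of the original walkthrough: it flags sudoers entries whose Runas list pairs `ALL` with a negated user such as `!root`, the deny-list pattern that `-u#-1` slips past on an affected sudo. The `audit` and `logical_lines` helpers and the sample policy are constructed for illustration; the box's actual sudoers line is not shown on the page.

```python
import re

# A Runas spec is the parenthesised list in front of a command:
#   user host = (runas_users[:runas_groups]) command
RUNAS_RE = re.compile(r"(?:=|,)\s*\(([^)]*)\)")

def logical_lines(text):
    """Yield (line_no, line) with backslash continuations joined and comments skipped."""
    buf, start = "", 0
    for no, raw in enumerate(text.splitlines(), 1):
        if not buf:
            start = no
        line = raw.rstrip()
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        buf += line
        line, buf = buf.strip(), ""
        # '#' starts a comment or include directive; '#<digits>' is a uid-based user spec.
        if line and (not line.startswith("#") or re.match(r"#\d", line)):
            yield start, line

def audit(text):
    """Return [(line_no, line)] for Runas lists that pair ALL with a negated user."""
    findings = []
    for no, line in logical_lines(text):
        for spec in RUNAS_RE.findall(line):
            # Only the user part matters here; drop any ':group' list.
            users = [u.strip() for u in spec.split(":")[0].split(",") if u.strip()]
            if "ALL" in users and any(u.startswith("!") for u in users):
                findings.append((no, line))
    return findings

# Constructed sample policy, not taken from the box in the walkthrough.
SAMPLE = """\
# constructed sudoers fragment
Defaults env_reset
root    ALL=(ALL:ALL) ALL
alice   ALL=(ALL, !root) /bin/bash
bob     ALL=(www-data) /usr/bin/systemctl restart nginx
carol   ALL=(ALL, \\
             !#0) NOPASSWD: /usr/bin/vi
"""

if __name__ == "__main__":
    for no, line in audit(SAMPLE):
        print(f"line {no}: deny-list Runas spec: {line}")
```

Entries it reports are better rewritten as an explicit allow-list of target users, alongside keeping sudo patched.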
