Deathnote: 1

  • Name: Deathnote: 1
  • Date release: 4 Sep 2021
  • AuthorHWKDS
  • SeriesDeathnote

Download the machine:,739/


  • Enumeration will lead to a web site with a couple of clues
  • Find the wordpress uploads directory to get a password and users list
  • Use hydra to crack the password
  • Once access is gained find a clue in the /opt directory
  • Decode the code
  • The next user has all sudo permissions


Run nmap scan to find for open ports.

Run a gobuster scan to find for hidden directories.

Add deathnote.vuln in etc/hosts.

Port 80

Found a hint section in the site.

Looks like we can see a potential password.



While exploring the images in the site I found a wp-content uploads directory.

Looks like a password list.

And a username list.


Use both text file on hydra and a password for l user will be found.

User access gained.

Found a user text file but it looks encoded.

Looks like its encrypted with brainfuck.

Nothing interesting just a message.

After some time enumerating, I found two folders in the /opt directory.

Found a encoded text.

Use cyberchef to decode the text.

It’s double encoded. Use Hex and then base64.

Switch to the kira user and text file can be seen.

It’s another base64 code that has more clues.

Looks like a rabbit hole.

Check sudo permissions and Kira can run everything.

Privilege escalation

Use sudo bash to gain a root shell.

Found the root flag.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

Comments (



%d bloggers like this: