, ,



Run a nmap scan to find for open ports.

Head into the FTP server as anonymous and get the secret files.

Decrypt the files to get messages

Head to the webserver and read the source code to find for a clue.

jane is a potential user.

Use hydra to brute force the user jane.

Login to the FTP server with jane as the user.

While exploring the server we can find other users.

Download the keys.txt file.

Bruteforce the jim user.

Found some rsa keys but it is empty.

Bruteforce jules to gain access.

Download the passwds files.

Bruteforce john user with the passwords files found in jules.

Gain access to user john via ssh.

Head to the .todo directory.

We can gain root user with the same password as john.

Head to the root folder to get the final flag.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

Comments (



%d bloggers like this: