Vegeta: 1


https://www.vulnhub.com/entry/vegeta-1,501/


Review

  • Enumeration uncovers hidden directories
  • Check all the way to the bottom for clues
  • Decode the file and look out for double encoding
  • Use a more thorough enumeration if stuck
  • Decode Morse code to find clues
  • Check bash_history for clues

Enumeration

Run an nmap scan to find open ports.

Run a gobuster scan to find hidden directories.

Check the page source; a base64 string is found right at the bottom.

Use CyberChef and decode it twice, as it is double encoded.

Save the output image.

It’s a QR code.

Decode the QR code and we have a password.
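
The double decoding described above can also be done offline. The following Python code is an added example, not part of the original write-up: it peels nested base64 layers and stops once the result matches a known file signature. The function names, the signature table and the sample blob are constructed for illustration.

```python
import base64
import binascii
import re
from typing import Optional

# Magic bytes for a few common file types (subset chosen for this example).
MAGIC = {
    b"\x89PNG\r\n\x1a\n": "png",
    b"\xff\xd8\xff": "jpeg",
    b"GIF8": "gif",
    b"RIFF": "riff/wav",
}

# Only base64 alphabet, optional padding, optional whitespace.
B64_RE = re.compile(rb"^[A-Za-z0-9+/\s]+={0,2}\s*$")


def identify(data: bytes) -> Optional[str]:
    """Return a file-type label if data starts with a known magic number."""
    for magic, label in MAGIC.items():
        if data.startswith(magic):
            return label
    return None


def peel_base64(blob: bytes, max_layers: int = 5):
    """Strip nested base64 layers; return (payload, layers_removed, file_type)."""
    data, layers = blob, 0
    while layers < max_layers:
        # Stop when we already hold a recognised file or non-base64 bytes.
        if identify(data) or not B64_RE.match(data):
            break
        try:
            decoded = base64.b64decode(b"".join(data.split()), validate=True)
        except (binascii.Error, ValueError):
            break
        if not decoded:
            break
        data, layers = decoded, layers + 1
    return data, layers, identify(data)


# Constructed sample: a PNG signature plus filler bytes, encoded twice.
SAMPLE_PAYLOAD = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16
SAMPLE_BLOB = base64.b64encode(base64.b64encode(SAMPLE_PAYLOAD))

if __name__ == "__main__":
    payload, layers, kind = peel_base64(SAMPLE_BLOB)
    print(f"layers={layers} type={kind} size={len(payload)}")
    if kind == "png":
        with open("decoded.png", "wb") as fh:
            fh.write(payload)
```

A short plain-text word whose length is a multiple of four can also pass the base64 check, so compare the reported layer count against the output before trusting it.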

We have a password but no user. Let’s use a more thorough enumeration with SecLists.

Found an additional directory.
It contains a .wav file.

It is in Morse code, so let’s use an online Morse code decoder.

Found a user and password.

Foothold

Access gained.


Privilege escalation

Check the folder history.

bash_history shows a password and a user name, Tom. However, Tom does not exist.

Let’s use the same command in the file and add a Tom user.

Switch user and root access is gained.
