https://www.vulnhub.com/entry/vegeta-1,501/
Review
- Enumeration uncovers hidden directories
- Check all the way to the bottom for clues
- Decode the file and look out for double encoding
- Use a more thorough enumeration if stuck
- Decode the Morse code to find clues
- Check bash_history for clues
Enumeration
Run an nmap scan to find open ports.
Run a gobuster scan to find hidden directories.
Check the page source; a base64 string is found right at the bottom.
Use CyberChef and decode it twice, as it is double encoded.
Save the output image.
Decode the QR code and we have a password.
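The double-encoded base64 step above can also be done offline. This is an added example, not part of the original write-up: it strips base64 layers until an image signature appears. The function names, the `decoded.<type>` output name and the sample blob are assumptions made for illustration; the sample is constructed, not the data from the target.

```python
import base64
import binascii

# Signatures for common image formats (the write-up does not name the format).
MAGIC = {
    b"\x89PNG\r\n\x1a\n": "png",
    b"\xff\xd8\xff": "jpeg",
    b"GIF87a": "gif",
    b"GIF89a": "gif",
}


def identify(data: bytes):
    """Return the image type whose magic bytes start `data`, else None."""
    for magic, name in MAGIC.items():
        if data.startswith(magic):
            return name
    return None


def peel_base64(blob: bytes, max_layers: int = 10):
    """Strip base64 layers until an image signature appears or decoding fails.

    Returns (payload, layers_removed, detected_type).
    """
    data, layers = blob, 0
    while layers < max_layers and identify(data) is None:
        candidate = b"".join(data.split())  # tolerate line-wrapped base64
        try:
            decoded = base64.b64decode(candidate, validate=True)
        except (binascii.Error, ValueError):
            break  # not base64: stop and return the last good layer
        if not decoded:
            break
        data, layers = decoded, layers + 1
    return data, layers, identify(data)


# Constructed sample: PNG signature plus filler bytes, base64-encoded twice.
SAMPLE_IMAGE = b"\x89PNG\r\n\x1a\n" + b"constructed-sample-bytes"
SAMPLE_BLOB = base64.b64encode(base64.b64encode(SAMPLE_IMAGE))

if __name__ == "__main__":
    payload, layers, kind = peel_base64(SAMPLE_BLOB)
    print(f"layers={layers} type={kind} size={len(payload)}")
    if kind:
        with open(f"decoded.{kind}", "wb") as fh:  # hypothetical output name
            fh.write(payload)
```

Short plain words such as `test` are also valid base64, so a layer count without a detected type should be treated as a guess rather than a result.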
We have a password but no user. Let’s use a more thorough enumeration with SecLists.
It is in Morse code, so let’s use an online Morse code decoder.
Foothold
Access gained.
Privilege escalation
Check the folder history.
Let’s use the same command found in the file to add a Tom user.
Switch user and root access is gained.