• Thorough enumeration is needed
  • Try out diffrent encryption methods
  • Get pass the rabbit holes
  • Gain privilege access with GTFO bins


Run nmap scan to find for open ports.

Port 80

Run a gobuster scan to find for hidden directories.

Scroll all the way to bottom to find some directories.

Each directory contains text data that tells the history of the character. The /iamGaara file is slightly diffrent form the others and after some observation a clue can be seen in the text.

Use cyberchef to decrypt the code and after some time I found the decryption method to be base58.

Tried to ssh into the user but password is wrong.

Let’s bruteforce with hydra instead.

Found another password instead.


User access gained.

First flag is found.

There is txt file that contains a clue.

Use cyberchef to decrypt and there is a directory location.

Head to the folder and another clue is found.

Looks like it is encrypted in brainfuck

Decode it.

We need more enumeration

We are unable to view sudo permissions either. Lets use linpeas instead.

Found an interesting binary under the SUID section.

Look up GTFO bins.

Privilege escalation

Use the GTFO script to gain root acess

Access gained.

Final flag is found.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s