CTF-WriteUps

Writeups are the easiest way to showcase how you solved a challenge. This repo is all about the writeups I write while playing CTFs.


Chocolate Factory


So let’s dive in… I always begin with an nmap scan.

$ sudo nmap -T4 -sV -sC target.txt

And with that we get some interesting results.

Just click the link and it seems it’s downloadable.

Now open it, and it seems to be in a different encoding, probably hex. Let’s try reading the file as strings.

$ strings downloaded_file.txt 

There’s also an FTP port open, so let’s access it and get the file on it.

$ ftp target.txt

It seems it is a stego image. Let’s check if it has a file encoded in it…

$ sudo steghide --info gum_room.jpg

It had some file in it. So let’s extract it.

$ steghide --extract -sf gum_room.jpg 

The extracted file seems to be some kind of encryption, so let’s jump to CyberChef, upload and decrypt it, and save the output to a file, hash.txt.

It looks like user and password hashes, so let’s crack the hash…

$ sudo john --wordlist=/usr/share/wordlist/rockyou.txt hash.txt 

Now that’s done, let’s log in to the webpage using the cracked password… This gives us a dashboard that runs commands.

Now let’s get a reverse shell on the target, and then stabilize the shell.

Now let’s try to get the charlie user…

After lurking around I found some interesting files. SSH to charlie with the private RSA key and get the user flag.

Now let’s get the root user…

After some Linux enumeration using LinEnum or linPEAS, it was found that there is a sudo pwnage with vim.

The root flag is a Python file and seems to require a key as input. After some hit and trial I decided to use the key found before from the web as input and Woaah!! There it was.

PS: I was unable to make that Python script run successfully, so I got an alternative way to decode it: Fernet Decoder.
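What a Fernet decoder does with the key before it decrypts anything, as an added example that is not part of the original writeup: it splits the token into the fields the Fernet spec defines and checks the HMAC with the first half of the key. The key and token here are constructed samples, and `inspect_fernet_token` and `make_sample_token` are hypothetical helper names.

```python
import base64
import hashlib
import hmac
import struct

VERSION = 0x80  # the only version byte the Fernet spec defines


def inspect_fernet_token(token: bytes, key_b64: bytes) -> dict:
    """Split a Fernet token into its fields and check its HMAC (no decryption)."""
    key = base64.urlsafe_b64decode(key_b64)
    if len(key) != 32:
        raise ValueError("a Fernet key is 32 bytes after base64url decoding")
    signing_key = key[:16]           # key[16:] is the AES-128-CBC key
    raw = base64.urlsafe_b64decode(token)
    body, mac = raw[:-32], raw[-32:]
    ciphertext = body[25:]           # after version(1) + timestamp(8) + IV(16)
    if len(raw) < 73 or len(ciphertext) % 16:
        raise ValueError("truncated or malformed token")
    if body[0] != VERSION:
        raise ValueError("unknown version byte")
    expected = hmac.new(signing_key, body, hashlib.sha256).digest()
    return {
        "timestamp": struct.unpack(">Q", body[1:9])[0],
        "iv": body[9:25],
        "ciphertext_len": len(ciphertext),
        "hmac_valid": hmac.compare_digest(mac, expected),
    }


def make_sample_token(key_b64: bytes, timestamp: int, ciphertext: bytes) -> bytes:
    """Constructed sample: sign placeholder ciphertext so the checks run offline."""
    signing_key = base64.urlsafe_b64decode(key_b64)[:16]
    body = bytes([VERSION]) + struct.pack(">Q", timestamp) + bytes(16) + ciphertext
    mac = hmac.new(signing_key, body, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(body + mac)


# Constructed values, not the room's key or flag.
SAMPLE_KEY = base64.urlsafe_b64encode(bytes(range(32)))
WRONG_KEY = base64.urlsafe_b64encode(b"\x01" * 32)
SAMPLE_TOKEN = make_sample_token(SAMPLE_KEY, 1600000000, b"\xaa" * 32)

if __name__ == "__main__":
    print(inspect_fernet_token(SAMPLE_TOKEN, SAMPLE_KEY))
    print(inspect_fernet_token(SAMPLE_TOKEN, WRONG_KEY)["hmac_valid"])
```

A token whose HMAC does not verify under the supplied key is rejected before any AES step, which is why only the correct key yields the plaintext.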

And with that Chocolate Factory is Rooted.