Q1. Make sure you're connected to our network and deploy the machine
(No answer needed)
Q2. Scan the machine with nmap, how many ports are open?
Ans : 7
2. Enumerating Samba for shares
Q1. Using the nmap command above, how many shares have been found?
Ans : 3
Q2. Once you’re connected, list the files on the share. What is the file you can see?
Ans : log.txt
Q3. What port is FTP running on?
Ans : 21
Q4. What mount can we see?
Ans : /var
3. Gain initial access with ProFtpd
Q1. Let's get the version of ProFtpd. Use netcat to connect to the machine on the FTP port. What is the version?
Ans : 1.3.5
Q2. How many exploits are there for the ProFTPd running?
Ans : 4
Q3. We know that the FTP service is running as the Kenobi user (from the file on the share) and an ssh key is generated for that user.
(No answer needed)
The mod_copy exploit allows us to copy files from any part of the filesystem to a chosen destination.
Q4. We knew that the /var directory was a mount we could see (task 2, question 4). So we’ve now moved Kenobi’s private key to the /var/tmp directory.
(No answer needed)
Q5. What is Kenobi’s user flag (/home/kenobi/user.txt)?
Now, since we’ve copied the file to /var/tmp, let’s try to mount that dir to our local machine.
Copy the id_rsa file to your location, chmod 600 it and then ssh into kenobi using the private key obtained.
Ans : d0b0f3f53b6caa532a83915e19224899
4. Privilege Escalation with Path Variable Manipulation
Q1. What file looks particularly out of the ordinary?
Ans : /usr/bin/menu
Q2. Run the binary, how many options appear?
Ans : 3
Q3. What is the root flag (/root/root.txt)?
Checking strings on /usr/bin/menu, we can find that the binary runs other commands without specifying their full paths.
Also, since it runs with root privileges, let’s try to manipulate the PATH to gain root.
Ans : 177b3cd8562289f37382721c28381f02
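The fix for the weakness found in /usr/bin/menu, as an added example that is not code from the room or from the binary itself: a privileged helper should run external programs by absolute path, without a shell and without the caller's environment. The names `run_fixed`, `is_safe_cmd_path` and `CLEAN_ENV` are hypothetical, and the demo assumes a POSIX system with /bin/sh.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/wait.h>

/* Fixed environment for the child: nothing is inherited from the caller,
 * so a PATH set by the invoking user never reaches the executed program. */
static char *const CLEAN_ENV[] = { "PATH=/usr/sbin:/usr/bin:/sbin:/bin", NULL };

/* Accept only absolute paths that contain no ".." component. */
int is_safe_cmd_path(const char *path)
{
    size_t n;
    if (path == NULL || path[0] != '/')
        return 0;                       /* bare names would need a PATH search */
    if (strstr(path, "/../") != NULL)
        return 0;
    n = strlen(path);
    if (n >= 3 && strcmp(path + n - 3, "/..") == 0)
        return 0;
    return 1;
}

/* Run argv[0] with CLEAN_ENV, no shell and no PATH lookup.
 * Returns the child's exit status, or -1 if the command is refused or fails. */
int run_fixed(char *const argv[])
{
    int status;
    pid_t pid;
    if (argv == NULL || !is_safe_cmd_path(argv[0]))
        return -1;
    pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        execve(argv[0], argv, CLEAN_ENV);   /* execve never consults PATH */
        _exit(127);                         /* only reached if execve failed */
    }
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    char *bare[] = { "sh", "-c", "exit 0", NULL };       /* constructed: refused */
    char *full[] = { "/bin/sh", "-c", "exit 3", NULL };  /* constructed: runs */
    printf("bare name     -> %d\n", run_fixed(bare));
    printf("absolute path -> %d\n", run_fixed(full));
    return 0;
}
```

Calls such as `system()`, `popen()` and `execvp()` resolve bare names through the caller-controlled PATH, which is why they should not appear in a program that runs with elevated privileges.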