You found a secret server located under the deep sea. Your task is to hack inside the server and reveal the truth.
This walkthrough is written as a part of Master certificate in cybersecurity (Red Team) that I am pursuing from HackeU.
Starting with a nmap scan
We have 3 open ports (21,22 and 80). As port 80 is open we know we have a webpage and we can also use the ssh service to login into the machine if we get the credentials.
Here we have a hint “codename as user-agent” and the codenames are single letters as we see in the above screenshot; Agent R.
Intercepting the traffic in burp and changing the user agent until we get a hit using intruder
For the letter C we get a hit.
Using this as a user agent .
Here we get a username
Using hydra to crack the password for chris
hydra -l chris -P /usr/share/wordlists/rockyou.txt <IP> ftp 21
Successfully logged in the system.
Downloading the files to the host system and inspecting it
Checking To_agentJ.txt and we see that the password is stored in the pictures.
binwalk cutie.png -e
Found 4 files
Cracking .zip file using zip2john
zip2john 8702.zip >test.txt
cracking the hash in test.txt using john and found password to open zip file.
Extracting 8702.zip using 7z
7z e 8702.zip
Used cyberchef to crack the hint.
Used steghide to extract hidden message
steghide extract -sf cute-alien.jpg
Found password for agent James
Using the above information for logging into SSH port with user James and found password
Checking for privileges
Got root access
sudo -u#-1 /bin/bash
Thanks for reading.