A beginner-level windows CTF challenge.
This walkthrough is written as a part of the Master certificate in cybersecurity (Red Team) that I am pursuing from HackerU
Starting with an nmap scan .
nmap -sS -sV -A <IP>
We discover 2 open ports 80 and 3389. There is port 80 open so it means there should a website.
Let's see what the website has for us.
We can find our first couple of flags just by looking through the pages and checking the page source. Along with that sets run dirbuster to find the web directories.
Here can have some juicy stuff and another flag.
So we know
UmbracoIsTheBest! is a possible password for some login
On one of the pages, we see this poem.
On further googling, we find that the author of this poem is
On one of the pages, we saw the email id of Author Jane Doe as
So it made sense that the email id for Solomon grundy would be also
Checking the source code
http://<IP>/archive/we-are hiring/ > view source code
http://<IP>/archive/a-cheers-to-our-itdepartments/ > view source code
http://<IP>/archive/a-cheers-to-our-it-departmenst/ > view source code
Finding the main flags
As we already know that we have a remote desktop port 3389 open, we use the already found credentials to log in.
Username — SG
Password — UmbracoIsTheBest!
rdesktop -u SG -p UmbracoIsTheBest! <IP>
Here we have our user flag.
Now our root flag is hidden. There is a backup folder that has the password required to access the Administrator folder. Enable hidden items folder to view it.
Inside the backup folder, we have a
restore.txt file that we do not have permission to open. For that, we need to change permissions for this file.
select restore.txt > Right click > properties > security > edit >type SG and click check nanes> ok>apply.
Now we can easily open the file and see the admin password
Using this we access the Administrator folder and get the root flag.
And we finished the room, leaves some claps if you found this helpful.