Today we are going to solve another CTF challenge known as Mission Pumpkin. Credit for making this VM goes to Jayanth, and it is designed for people who are beginners in the hacking field. The mission of this CTF is to gain access to the PumpkinGarden_key file stored in the root account. So, let’s proceed towards solving Mission Pumpkin.
You can download this VM from vulnhub.com: https://www.vulnhub.com/entry/mission-pumpkin-v10-pumpkingarden,321/
Security Level: Beginner
Penetration Methodology:
Scanning
· Nmap
Enumeration
· Credential Harvesting
· Web Directory search
Exploiting
· SSH connect
Privilege Escalation
Scanning
Let’s start with our first step, which is scanning. We will use the Nmap tool to check the state of all ports.
nmap -p- -A 192.168.0.14
Here we can see that port 21 for FTP is open and that an anonymous user can log in over FTP. Moreover, we can also observe that an HTTP service is running on port 1515 and an SSH service is running on port 3535. Now we will move towards our next step, which is enumeration.
Enumeration
First, we will try to connect through FTP with anonymous as the username and password. Here we find note.txt, which we then transfer to our system.
ls
get note.txt
cat note.txt
As we had seen, an Apache service was running on port 1515. So, we will open that in our browser, where we do not find anything interesting. Now we will use dirb for web directory enumeration, and we find the image directory there.
dirb http://192.168.0.14:1515/
Inside the image directory, we got a file named hidden_secrets. When we opened that file, we got our next clue, which was a secret key.
This key is encoded in Base64 (an encoding, not encryption), so first we will decode it to get the clue.
echo c2NhcmVjcm93IDogNVFuQCR5 | base64 -d
Now we are assuming that these can be the username scarecrow and the password 5Qn@$y.
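As an added example (not part of the original walkthrough): because Base64 is reversible by anyone, a defender can audit web-served files for tokens that decode to credential-shaped text. In this Python sketch the function names, the `name : secret` pattern and the sample file content are assumptions constructed for illustration.

```python
import base64
import binascii
import re

# Runs of Base64 alphabet long enough to hold a short secret (16+ chars).
B64_TOKEN = re.compile(r"(?<![A-Za-z0-9+/=])[A-Za-z0-9+/]{16,}={0,2}(?![A-Za-z0-9+/=])")
# Decoded text shaped like "name : secret" or "name:secret" (assumed pattern).
CRED_SHAPE = re.compile(r"^([A-Za-z0-9_.-]{1,32})\s*:\s*(\S{4,})$")


def decode_printable(token):
    """Return the decoded text if token is valid Base64 of printable ASCII, else None."""
    if len(token) % 4:
        return None
    try:
        raw = base64.b64decode(token, validate=True)
    except (binascii.Error, ValueError):
        return None
    if not raw or any(b < 0x20 or b > 0x7E for b in raw):
        return None
    return raw.decode("ascii")


def find_encoded_credentials(text):
    """Return (line_no, user, token) for Base64 tokens that decode to user:secret text."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for match in B64_TOKEN.finditer(line):
            decoded = decode_printable(match.group(0))
            if decoded is None:
                continue
            cred = CRED_SHAPE.match(decoded.strip())
            if cred:
                # Report the user and the token only; never log the decoded secret.
                findings.append((line_no, cred.group(1), match.group(0)))
    return findings


# Constructed sample of a web-served file; line 2 is the string from this walkthrough.
SAMPLE = """\
Welcome to the garden
c2NhcmVjcm93IDogNVFuQCR5
build id: 3f9a1c77d2e04b5a8c6d
aGVsbG8gd29ybGQgZnJvbSBtZQ==
"""

if __name__ == "__main__":
    for line_no, user, token in find_encoded_credentials(SAMPLE):
        print(f"line {line_no}: Base64 token {token!r} decodes to credentials for {user!r}")
```

Only the second sample line is flagged: the hex build id does not decode to printable text, and the last line decodes to plain words with no `name : secret` shape.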
Exploiting
Now we will try to connect through SSH with the scarecrow credentials. Here we find a file note.txt, and opening it gives us another clue, which is a password. We then check the list of users in the /etc/passwd file and find the user goblin. We switch to the goblin user by entering that password, and we are successful in doing so. Here we also get our next clue, which will help us in finding the key of Mission Pumpkin.
ssh scarecrow@192.168.0.14 -p3535
ls
tail /etc/passwd
su goblin
As the goblin user, we found another note file, which contains an Exploit-DB link for exploitation, as shown in the image at the bottom.
Now we will click on the link provided there and download the bash file, which holds the method to gain root access.
cat 38362.sh
So, when we run the commands we obtained from it, we get root access and are logged in as root. We find the PumpkinGarden_key here, which shows that we have solved this CTF successfully.