![]() Service Info: OS: Linux CPE: cpe:/o:linux:linux_kernel |_http-server-header: SimpleHTTP/0.6 Python/3.8.5ĩ009/tcp open ssh OpenSSH 7.6p1 Ubuntu 4ubuntu0.3 (Ubuntu Linux protocol 2.0) The command would have done multiple ports at a time, but I didn’t know how long that might take so I mostly stuck with one at a time. Then I went through each port and did a deeper scan for more information. Last time we missed some ports (apparently we missed one this time too!), so we tried them all with -p. Ssh -i Downloads/metasploit_ctf_kali_ssh_key.pem used nmap from the kali machine to get an initial list of open ports, then I asked for help to do a more exhaustive search. Then the rest is the username at the IP address of our kali machine (both given in our control panel on the competition website). Alex showed me how to use the -i to give it the file path to the key we were given (it was in my downloads folder). Using ssh to connect to the kali machine was my first challenge. However, my explanations might be a bit basic and/or inaccurate. 9008 Java Object Serialization – Queen of Heartsĭisclaimer: I am not a programmer! I have done my best to understand and explain these challenges. ![]() 9001 CtfChallenge GAME REVIEWS (PC) – 2 of Spades.9000 WEBrick PC Game Library – 2 of Hearts.8888 Werkzeug Metasploit Modules (Unsolved).8202 nginx Javascript Login – Queen of Spades.8200 Welcome to our Gallery – 6 of Diamonds.8101 Writing and Exploit with Metasploit – 5 of Clubs (Unsolved).8092 The Clover Tail’s Login Page – 4 of Clubs.4545 Executable and Encrypted File – 8 of Hearts.Here is Alex’s writeup, written for a more technical perspective and with some more code examples. Also, I have included some of Alex’s notes directly with a grey background. I have also listed the uncompleted challenges because we did make a bit of headway on some of them. This organization was a big help because it was easy to loose track of what was what and which we should tackle next.īelow I have listed the ports in order. When Alex was done work on Friday I walked him through everything and we prioritized the challenges based on perceived difficulty. I also put together a google doc with all the ports/challenges as headings to keep track of the information for each challenge. I managed to look into all the ports we could find and made some pretty good discoveries. ![]() ![]() I spent the day on Friday doing reconnaissance. We actually make a pretty good team because we tackle problems in different ways. Alex is the computer wiz and has worked as a developer for over 8 years. My username was SunCat and I was the non-programmer of the team. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |