Ctflike

fowsniff_ctf

The most commonly used commands in a POP3 connection are as follows:

USER <username>
PASS <password>
STAT
LIST
RETR
DELE
RSET
TOP
QUIT

[!note] Metasploit pop3 credentials brute force
create files with usernames/passwords (one on each line)
msf > use auxiliary/scanner/pop3/pop3_login
msf auxiliary(scanner/pop3/pop3_login) > set rhosts 192.168.1.29
msf auxiliary(scanner/pop3/pop3_login) > set user_file user.txt
msf auxiliary(scanner/pop3/pop3_login) > set pass_file pass.txt
msf auxiliary(scanner/pop3/pop3_login) > set verbose false
msf auxiliary(scanner/pop3/pop3_login) > run

Reverse Shell Cheat Sheet | pentestmonkey

[!hint] Walkthrough: Fowsniff: 1 Vulnhub Walkthrough - Hacking Articles

c4c4ptur3-th3-fl4g

[!hint] Encodings used in this challenge: binary, base32/64, hexadecimal (or base16), rot13/47, morse, BCD (Binary Coded Decimal)
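
A stdlib-only set of decoders for the encodings listed in the hint above, as an added example that is not part of the original notes. The function names, the Morse table layout (letters and digits only) and the input conventions (space-separated groups, `/` between Morse words) are assumptions made here.

```python
import base64
import codecs

# Constructed Morse table: letters and digits only.
MORSE = {
    ".-": "A", "-...": "B", "-.-.": "C", "-..": "D", ".": "E", "..-.": "F",
    "--.": "G", "....": "H", "..": "I", ".---": "J", "-.-": "K", ".-..": "L",
    "--": "M", "-.": "N", "---": "O", ".--.": "P", "--.-": "Q", ".-.": "R",
    "...": "S", "-": "T", "..-": "U", "...-": "V", ".--": "W", "-..-": "X",
    "-.--": "Y", "--..": "Z", "-----": "0", ".----": "1", "..---": "2",
    "...--": "3", "....-": "4", ".....": "5", "-....": "6", "--...": "7",
    "---..": "8", "----.": "9",
}

def from_binary(s):
    """Space-separated 8-bit groups -> text."""
    return bytes(int(group, 2) for group in s.split()).decode()

def from_hex(s):
    return bytes.fromhex(s).decode()  # fromhex skips ASCII whitespace

def from_base32(s):
    return base64.b32decode(s).decode()

def from_base64(s):
    return base64.b64decode(s, validate=True).decode()

def rot13(s):
    return codecs.decode(s, "rot_13")

def rot47(s):
    """Rotate printable ASCII '!'..'~' (94 chars) by 47; it is its own inverse."""
    return "".join(
        chr(33 + (ord(c) - 33 + 47) % 94) if "!" <= c <= "~" else c for c in s
    )

def from_morse(s):
    """Symbols separated by spaces, words separated by '/'."""
    return " ".join("".join(MORSE[sym] for sym in w.split()) for w in s.split("/"))

def from_bcd(s):
    """Space-separated 4-bit groups -> decimal digits; nibbles 1010..1111 are invalid."""
    digits = [int(nibble, 2) for nibble in s.split()]
    if any(d > 9 for d in digits):
        raise ValueError("not valid BCD: nibble above 9")
    return "".join(map(str, digits))
```
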

Spectrograms

Tools to choose from:

Steganography

Various Steganography tools

  1. Steghide
     • steghide extract -sf stegosteg.jpg
     • Advanced Steganography methods on steghide | by Premkumar S | Medium
  2. Aperi'Solve
     • platform also uses zsteg, steghide, outguess, exiftool, binwalk, foremost and strings for deeper steganography analysis
  3. OpenStego
  4. SilentEye
  5. ImageMagick

cheesectf

[!info] PHP Schema

  • LFI to RCE using PHP Filters! - Tib3rius
  • PHP Wrappers -> php://filter
  • PHP Filters Chain Generator
  • PHP Filters Chain - Exploit Notes
  • LFI2RCE via PHP Filters - HackTricks

After all this PHP madness:

  • check .ssh permissions
  • ssh to target and sudo -l to exploit.service
  • gtfobins xxd

rootme

[!bug] File upload vulnerability

wgel_ctf

  • <!- Jessie don't forget to udate the webste --> username for ssh
  • fuzz directories (recursively)
  • ssh to target and sudo -l to get available binaries
  • go to gtfobins and choose: just upload file or get root privileges
  • don't forget to have fun with laggy tryhackme service