Date
Apr 3, 2024 → Apr 4, 2024
Tag
ELF
Web Path Discovery
FTP
Scan

port
21 | FTP
22 | SSH
80 | HTTP
21 | FTP
this ftp allow Anonymous


find the file secret_stuff.txt, but don’t know how, change target
80 HTTP


the image has no infor
dirbsearch

path /robots.txt

Path /secret


the image dosen’t have any info
we need back to the ftp
back to FTP
again, for that file, found out it is a wireshark file, so we can analyze more.

Well, well, well, aren't you just a clever little devil, you almost found the sup3rs3cr3tdirlol :-P\n
After tried all things, sup3rs3cr3tdirlol is a web path!!!!!!!

no file under the path

download file roflmao

that is a ELF file
I need a Hit
Strings roflmao
we can find that there is a sentence “Find address 0x0856BF to proceed”
Here we have two chose 1. it is a address data 2. it is a web path
let try web path first, since it is more ez than other way.

nice chose!
enmeration


tried hydra to brute force the ssh

no result and also tired it as web path.
hit 2
use other brute force for ssh and think more, the path said the pass contain in the folder, if the info inside the txt file isn’t password, then what about the file name?

FIND!
Username | Password |
overflow | Pass.txt |

hit 3
since it will kick us off line, so the machine must have crontab, but i tried cannot access, so we can try find cronlog.

we can see there will be a scheduled task running every 2 min

we can see this python file can edit by us, so we can add a one line reverse shell into it.

WALA!!!!