CTF: Unknowndevice64 Walkthrough

      Nessun commento su CTF: Unknowndevice64 Walkthrough

Hello dear friends, welcome back for another CTF Walkthrough. Today we will solve  Unknowndevice64.


unknowndevice64 v1.0 is a medium level boot2root challenge. The OVA has been tested on both VMware and Virtual Box.

  • Difficulty: Intermediate
  • Flags: Your Goal is to get root and read /root/flag.txt

Information gathering

TCP Scanning

Banner Grabbing

Interesting we have a web server running on the port 31337.

Exploring the web app

Analyze the source code:

let’s analyze the image.

Hidden secrets …., let’s download the image….

  • download the image wget
  • extract the hidden info with steghide: steghide extract -sf key_is_h1dd3n.jpg
  • password: h1dd3n (as suggested from the name of the image)
  • let’s examine the contents of the file: cat h1dd3n.txt

The text is a brainfuck code usually I use this website for decoding this kind of stuff.

Bingo we have username and password

  • username ud64
  • password 1M!#64@ud

SSH Service

ssh ud64@ -p 1337

Unfortunately, we have  a restricted shell but don’t worry there are many ways to escape from this situation (remember that google is your friend)

Escape from a restricted shell

To escape from  the restricted shell we will use the text editor vi

  • vi
  • :!/bin/bash

Now we will export /bin/bash as our SHELL and our Path

Privilege escalation

  • Check what we can execute as sudo: sudo -l

Fantastic we can use the sysud64 to obtain a shell with a root privilege

  • check the options…

  • sudo sysud64 -o /dev/null /bin/sh
  • cd /root
  • cat flag.txt

Fantastic we have completed the Unknowndevice64 machine.