Hacking Deathnote — Writeup VulnHub

A quick win machine for warmup, without ado, let’s dive in!!

So I initially scanned for services and open ports that might help to enumerate the target

As port 80 was open, so I started fuzzing the website and found usernames like kira and l.Besides that, there’s was a directory called important.jpg and was initially not able to show up, then curl came into effect. Burp can also do the same, but I’ll prefer curl ;-)

During enumeration I found the file notes.txt which was initially a hint in cover page.

It’s a wordlist awesome!!!!, so tried to brute force the ssh login with this wordlist and got a successful login

user.txt contains text encrypted with brainfuck. During enumeration there’s directory called fake-notebook-rule with a hint.After following the rules, the decoding throws the password for kira, AWESOME!!!!

Checking for permission, allows all!!, that was a very quick move to get a root shell!!

That’s all for now,

Until Next Time,

Stay Humble!!

— — — — — — — — — — — — — — —

--

--

--

Cybersecurity | CTFs | Networking |

Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

Filter & Find data Array

Javascript: Arrow function vs normal function explained!

React Native Animations — Rest to Motion: Part 1🚀

Animation

Separating responsibilities in your code (using React Hooks as example)

How to Display Content Based on Conditions in Angular

Using hidden columns to customize export files in ag-Grid

9 Modern && Practical JavaScript Code Snippets

A paper where it is written “time” burning

Writing Functional Tests with react-testing-library (Part 1)

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Neelesh Patel

Neelesh Patel

Cybersecurity | CTFs | Networking |

More from Medium

TryHackMe AoC3 - Day 2 Walkthrough —

HackTheBox-Writer

CTF Walkthrough | TryHackMe | GoldenEye 👁

Pentesting Fundamentals TryHackMe