MR. ROBOT (CTF)
This is an intermediate-level CTF based on the Mr. Robot show, so without further ado, let’s start!!!
So, to begin with, I did recon on the target's ports, and we got something like:-
Okay, so we got 80 up and running. After fuzzing and enumerating, there was some low-hanging fruit, but then I hopped over to http://192.168.230.133/robots.txt. It had the first key and what seems like a file with all the names; let’s see this file later.
After brute forcing the webpage, one of the results that got my attention was http://192.168.230.133/wp-login. I didn’t know any of the usernames until now. Since it is a Mr. Robot show based CTF, I tried the username elliot with a random password, and it showed that elliot’s password is incorrect. AWESOME!! That shows the elliot username exists. I should have brute-forced the creds with hydra, but it had been a while since I used wpscan, so it was a great chance to use it again, and what I did is:-
And we’re in!! After enumerating the admin page, I tried to abuse the edit page to get a PHP reverse shell, so what I did was edit the 404.php with a PHP reverse shell payload.
My nc was listening on my machine, and YEAHH!! we got a shell.
Enumerating all the files and directories, I saw the 2nd key, but it was password-protected. There’s another file which contains an MD5-hashed password, and after decoding, it turned out to be robot’s password, so I switched to the robot user with these credentials.
Okay, so now, it’s time for the 3rd key, the last key. Let’s hunt for that!!
So I ran the command:-
find / -perm -4000 2>/dev/null
This lists the files that have the SUID bit set, including one that can be run in interactive mode. I tried to gain a shell with the old-school technique, the command !sh, and awesome, we got a shell. Enumerating all around, we can now access the 3rd key as shown.
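From the defender's side, the same find test can drive a baseline check that flags any SUID file nobody approved. This is an added example, not part of the original write-up; the function names and the allowlist file (one absolute path per line) are assumptions.

```sh
#!/bin/sh
# Added example: report SUID files that are missing from an approved baseline.
# Assumption: the allowlist is a text file with one absolute path per line.

# suid_unexpected ROOT ALLOWLIST
# Prints every setuid regular file under ROOT that is not listed in ALLOWLIST.
# Returns 2 if the allowlist cannot be read.
suid_unexpected() {
    [ -r "$2" ] || { echo "allowlist not readable: $2" >&2; return 2; }
    # -perm -4000 is the same setuid test as the find command above.
    # -xdev stays on one filesystem; -type f skips directories and symlinks.
    # grep -Fx compares whole lines literally, so approving /usr/bin/su
    # does not also approve /usr/bin/sudo.
    find "$1" -xdev -type f -perm -4000 -exec sh -c '
        allow=$1; shift
        for p in "$@"; do
            grep -Fxq -- "$p" "$allow" || printf "%s\n" "$p"
        done' sh "$2" {} + 2>/dev/null || :
}

# suid_audit ROOT ALLOWLIST
# Returns 0 when every SUID file is approved, 1 when unexpected ones exist
# (listed on stderr), 2 when the allowlist is unreadable.
suid_audit() {
    unexpected=$(suid_unexpected "$1" "$2") || return 2
    [ -z "$unexpected" ] && return 0
    printf '%s\n' "$unexpected" | sed 's/^/unexpected SUID file: /' >&2
    return 1
}

# Example invocation (both paths are placeholders):
#   sh suid_audit.sh / /etc/suid.allow
if [ "$#" -eq 2 ]; then suid_audit "$1" "$2"; fi
```

A non-zero exit from a scheduled run is the signal to review the listed file before adding it to the baseline.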
And the challenge is complete, we now have all the three keys!!
That’s all for now!!
Until Next Time,
You are Aw3some!!!!