100 Days of Hacking — Day 10
What’s up guys it’s the 10th day of #100DaysofHacking. 10% of the goal is achieved let’s go through today’s objectives and report
Objectives of day 10 :
- Finish a medium tryhackme room
- Create a recon automation script for boot2root type CTF’s
Reports of day 10 :
So I did this tryhackme room: https://tryhackme.com/room/ignite
I honestly loved this room and was lost after finding the user.txt. I tried for 2 hours or so but I couldn’t escalate my privileges. I then saw the writeup and felt stupid.
Initial recon and enumeration were easy and the machine used a CMS called “fuel CMS” it had an RCE vulnerability in one of its parameters. I found an exploit available online and was able to gain a reverse shell.
So what now?
Well, I was honestly lost. I found nothing interesting in the binaries which can be run as sudo by www-data. :(
Update: I looked at the writeups it seems they have retrieved the sudo password using the database setup files that are located in /var/www/html/fuel/application/config/database.php they just retrieved the password of the root from there 💔.
I will have to improve my methodology and I have to remember to search the file setup of the website due to the reason that most of the CMS have configuration databases.
So, now for the CTF Recon automation :
😂 I know it sucks but it does the job for now. I am planning to improve the code by adding a scanner for grepping HTML comments in all of the http://$IP pages since there are many hints available in it.
Do clone or just copy-paste the script inside your /usr/bin/ folder.
Git repo link : https://github.com/balajianbalagan/Recon-Automation-for-CTFs-Using-Bash.git
sbin/shutdown(day10)
