In this post, You will learn how to CTF the Broken Gallery and below is the video format of the post, Check it out ????????
To download the broken gallery box [click here]
Hacking Phases in Broken
- Finding target IP
- NMap scan
- Brute force
- ssh connect
- Post enumeration
- Abusing sudo rights
Let’s Hack Broken: Gallery
Follow the steps carefully and if there is any kind of error or the box is not working you are free to text me on discord, click below to join my discord community ????????
Finding target IP
To find the target IP we can just type sudo arp-scan -l or use net discover command
sudo arp-scan -l
In my case the target IP is 192.168.64.30
Let’s use nmap to find open ports and the service and the version.
nmap -A 192.168.64.30
There are only 2 ports open port 22 and port 80, We will be using port 22 that is ssh to connect to target.
Viewing target website
After viewing the target site I thought of copying the keywords and save it in file and then do a brute force.
Bruteforcing using hydra
hydra -L user -P pwd 192.168.64.30 ssh
We have successfully brute forced and let’s try to login to the target machine.
The password is broken
SSH connect target
Connecting to the target via ssh.
To escalate the root privilege, we went for post enumerating and looked for .bash_history file.
In this file, we noticed some interesting action has been performed by the author which was pointing towards a file name “password-policy.sh” that exist inside /etc/init.d moreover a command to set time-date using “timedatectl” command and much more.
If we enter the below command we could find the root password.
Let’s set the time and reboot the system.
sudo timedatectl set-time '2015-11-20 16:14:50' sudo /sbin/reboot
Now wait for the machine to start again and the do a ssh connect to the target enter the root password as ‘TodayIsAgoodDay’
According to me this box is so so easy but unfortunately I was stuck at the reboot this is because the utmost has issue with the emulated software. Hope you like the post.
See ya in next post????????????
Also Read: How to CTF the matrix