In this post, you will learn how to solve the Keeper box from HTB. If you have any doubts, hop into my Discord server and ask.
Adding Target to /etc/hosts
Make sure you add keeper.htb and tickets.keeper.htb to /etc/hosts.
The nmap scan shows that port 22 and port 80 are open, so there is a chance of finding credentials to log in as a user over SSH, which is port 22.
nmap -p- -A -sV keeper.htb
If we browse to port 80, it gives a URL; clicking it redirects to a login page.
I tried the default credentials and somehow they worked.
user: root and password: password
The user information was found in the Admin dropdown menu, under Users and then Select.
There we can see the new user's initial password.
We can now log in via SSH with the password Welcome2023!
Let's log in via SSH as the user lnorgaard.
ssh lnorgaard@keeper.htb   # enter Welcome2023! at the password prompt
We can find a zip file in the user's directory; just extract it.
Within the compressed archive, I’ve observed the presence of two files, as indicated earlier. The DMG file has been extracted from memory. Upon investigation, I’ve identified the CVE-2023-32784 vulnerability, enabling me to successfully retrieve the master password.
It seems to be a Danish dessert …
The name of the dessert is rødgrød med fløde, and this name passed the verification of the kdbx file.
There is a PuTTY PPK file; copy all of the Notes and paste them into a file.
puttygen keeper.txt -O private-openssh -o id_rsa
chmod 600 id_rsa
ssh firstname.lastname@example.org -i id_rsa
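Seen from the defender's side, the chain above depended on sensitive files left where a low-privileged account could read them: a zip holding a memory dump and a KeePass database, and a PuTTY key stored as notes. The following audit script is an added example, not part of the original walkthrough; it flags such files by their leading bytes, including inside zip archives. It assumes the memory dump is in Windows minidump format, and the file names in demo() are constructed.

```python
import tempfile
import zipfile
from pathlib import Path

# Leading bytes of the walkthrough's artifact types; content, not extension, decides.
SIGNATURES = [
    (b"\x03\xd9\xa2\x9a\x67\xfb\x4b\xb5", "KeePass 2.x database"),
    (b"MDMP", "Windows minidump"),  # assumption: the dump is a minidump
    (b"PuTTY-User-Key-File-", "PuTTY private key"),
]

def classify(head):
    return next((label for magic, label in SIGNATURES if head.startswith(magic)), None)

def scan_zip(path, shown):
    # Classify archive members in place, without extracting them to disk.
    found = []
    with zipfile.ZipFile(path) as zf:
        for info in zf.infolist():
            try:
                with zf.open(info) as member:
                    label = classify(member.read(64))
            except RuntimeError:  # encrypted or unsupported member
                label = "unreadable archive member, not inspected"
            if label:
                found.append((f"{shown}!{info.filename}", label))
    return found

def scan_tree(root):
    found = []
    for path in (p for p in Path(root).rglob("*") if p.is_file()):
        shown = str(path.relative_to(root))
        with path.open("rb") as fh:
            label = classify(fh.read(64))
        if label:
            found.append((shown, label))
        elif zipfile.is_zipfile(path):
            found.extend(scan_zip(path, shown))
    return sorted(found)

def demo():
    # Constructed sample files, not the box's real ones.
    with tempfile.TemporaryDirectory() as root:
        with zipfile.ZipFile(Path(root, "backup.zip"), "w") as zf:
            zf.writestr("dump.bin", b"MDMP" + b"\x00" * 60)
            zf.writestr("vault.bin", SIGNATURES[0][0] + b"\x00" * 8)
        Path(root, "notes.txt").write_text("PuTTY-User-Key-File-3: ssh-rsa\n")
        return scan_tree(root)
```

Call scan_tree() on a home directory or file share with an account that can read every file in it, since an unreadable file raises OSError.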
The user was really very easy and I would rate it a 2 out of 10. Very easy box. See you in the next post.