Shulou(Shulou.com)05/31 Report--

Today, I will talk to you about how to analyze FartKnocker in CTF TopHatSec. Many people may not know much about it. In order to make you understand better, the editor has summarized the following contents for you. I hope you can get something according to this article.

Download address

Note: it can only be opened using vmbox. Add a new network card and change it to bridge mode.

Https://download.vulnhub.com/tophatsec/FartKnocker.ova actual combat exercise

Find the target machine IP

Open port of scanning target machine

The browser opens port 80

Click on the Wooah hyperlink, and you will download a network packet, open it with wireshark, and see that the access port seems to be the default three ports of the port knock service.

Use nmap to tap these ports one after another.

Then rescan all the ports and found that a port 8888 is open.

Nc in the past, echoed to a url

Open a browser and enter url

The hyperlink is still a network packet. I found an avatar.

I don't know what's coming from the following paragraph. Translate it from Baidu.

Following the prompts, I used nc to click on 1Magne 3je 3je 7 respectively, and finally nc1337 port, echoing a url path.

The browser opened the url above and found a string encrypted by base64

Root@kali:~# echo "T3BlbiB1cCBTU0g6IDg4ODggOTk5OSA3Nzc3IDY2NjYK" | base64-dOpen up SSH: 8888 9999 7777 6666root@kali:~# Open up SSH: 8888 9999 7777 6666

Click on these ports as prompted to open ssh, and an account and password appear.

Can't log in.

Use sftp to get in.

File content

Root@kali:~# cat nachos Great job on getting this far.Can you login as beavis or root?

Found a network packet.

Opened it and didn't find anything.

Later, I checked the data and found that ssh needs shell to operate.

System enumerations indicate that it may be vulnerable to CVE-2015-1328, which is a local privilege upgrade using overlayfs mounts within the user namespace. Allow local users to exploit this vulnerability to gain administrative privileges on the system.

Utilization process (CVE-2015-1328):

After reading the above, do you have any further understanding of how to analyze FartKnocker in CTF TopHatSec? If you want to know more knowledge or related content, please follow the industry information channel, thank you for your support.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.