Hack the Droopy VM (CTF Challenge)

https://www.vulnhub.com/entry/droopy-v02,143/

http://www.hackingarticles.in/hack-droopy-vm-ctf-challenge

  1. 利用drupal 7.0 - DRUPAL HTTP PARAMETER KEY/VALUE SQL INJECTION漏洞得到shell (https://www.rapid7.com/db/modules/exploit/multi/http/drupal_drupageddon)
  2. 利用Ubuntu 14.04 - Linux Kernel 3.13.0 < 3.19 (Ubuntu 12.04/14.04/14.10/15.04) - 'overlayfs' Privilege Escalation提權 (https://www.exploit-db.com/exploits/37292/)
  3. 找到dave.tc加密檔 (truecrypt),可用veracrypt工具解
  4. 解的過程發現需要使用密碼
  5. 從/var/mail/www-data檔發現密碼線索,將密碼範圍縮小(rockyou.txt)
  6. 使用truecrack破解truecrypt格式的dave.tc密碼
    • truecrack --truecrypt ~/Downloads/dave.tc -k SHA512 -w /root/Desktop/pass.txt
      • 不懂這裡為什麼知道要用sha512,作者是看/etc/shadow的root是使用sha512 hash,但shadow檔和dave.tc兩個檔案有什麼關連?
  7. 得到密碼後,再次用veracrypt解,在mount的目錄下.secret/.top/flag.txt得到flag

results matching ""

    No results matching ""