Moria: 1.1

23.Get Hash credential

Scanning/Discovering/Eunmeration

In Browe get pic

  1. navigate /w/h dir on browser
  1. Check out the http serv on browser
  1. then find directory _abyss/.
  1. nmap -sV 192.168.107.1/24
  1. ifconfig

nothing useful found

  1. using John Ripper

Login Credentials in the given image.

  1. SSH login credential in the plain text ✅
  1. privilege escalation ✅

Exploiting Vuln

:

24.Found the salt

no clue on web server

  1. dirb to check if any hidden dir

found another directory inside w/h/i/s/p/e/r. ⛔

7.On opening the_abyss, we got some tex

  1. cluster of random texts

9.noted them because they might be Login Credentials.

Success ✅

connect with FTP port

  1. FTP login

TCP Dump

  1. tcpdump -i etho dst 192.168.107.158
  1. password clue from the Hex value
  1. Get Mellon password

After login in FTP

  1. FTP Login credential ✅
  1. used pwd command

16.found the path to be /prisin hope of getting a flagon.

17.but it was worthless ⛔ : :

18.Then Using Cd command

  1. found a folder named var ✅
  1. got to /var/www/html
  1. Then finally found the folder QlVraKW4fbIkXau9zkAPNGzviT3UKntl : : ⭐

Check out the browser

  1. Get Prisoner’s name and Passkey as ✅

Decryption can give us clue

privilege escalation

  1. SSH login

user credentials decrypted to login in ssh

  1. got the bash shell ✅
  1. running ls-al command

For search flag

30.found a text file named poem

But we didn’t find any flag inside it ⛔

look .ssh/ directory

Inside the flag.txt

  1. found the know_hosts file and id_rsa

contains the private key

  1. cat id_rsa command

use this information for ssh login as a root user. ✅

  1. found the host “127.0.0.1

got the ROOT by

  1. ssh -i id_rsa root@127.0.0.1

ls -la command

35.found a flag.txt.

36.got the Final Message “All that is gold does not glitter”! 🚩 🚩 🚩