Difference between revisions of "CTF Lord of the root: Walkthrough"

Download dari https://download.vulnhub.com/lordoftheroot/LordOfTheRoot_1.0.1.ova Install di VirtualBox

netdiscover

Lakukan,

netdiscover -r 192.168.0.0/24

Hasilnya,

Currently scanning: 192.168.0.0/24   |   Screen View: Unique Hosts                                                                                                                                                               
                                                                                                                                                                                                                                  
 21 Captured ARP Req/Rep packets, from 21 hosts.   Total size: 1260                                                                                                                                                               
 _____________________________________________________________________________
   IP            At MAC Address     Count     Len  MAC Vendor / Hostname      
 -----------------------------------------------------------------------------
.....
192.168.0.139   08:00:27:45:35:64      1      60  PCS Systemtechnik GmbH                                                                                                                                                         
.....

port scan

Lakukan,

nmap -sT -p- -A 192.168.0.139

Hasil,

Starting Nmap 7.93 ( https://nmap.org ) at 2023-01-28 02:13 EST
Nmap scan report for 192.168.0.139
Host is up (0.00089s latency).
Not shown: 65534 filtered tcp ports (no-response)
PORT   STATE SERVICE VERSION
22/tcp open  ssh     OpenSSH 6.6.1p1 Ubuntu 2ubuntu2.3 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey: 
|   1024 3c3de38e35f9da7420efaa494a1deddd (DSA)
|   2048 85946c87c9a8350f2cdbbbc13f2a50c1 (RSA)
|   256 f3cdaa1d05f21e8c618725b6f4344537 (ECDSA)
|_  256 34ec16dda7cf2a8645ec65ea05438921 (ED25519)
MAC Address: 08:00:27:45:35:64 (Oracle VirtualBox virtual NIC)
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Device type: general purpose
Running: Linux 3.X|4.X
OS CPE: cpe:/o:linux:linux_kernel:3 cpe:/o:linux:linux_kernel:4
OS details: Linux 3.10 - 4.11, Linux 3.16 - 4.6, Linux 3.2 - 4.9, Linux 4.4
Network Distance: 1 hop
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel

TRACEROUTE
HOP RTT     ADDRESS
1   0.89 ms 192.168.0.139

OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 112.51 seconds

tampaknya hanya SSH yang terlihat.

port knocking

Lakukan,

nmap -Pn --host-timeout 201 --max-retries 0  -p 1 192.168.0.139
nmap -Pn --host-timeout 201 --max-retries 0  -p 2 192.168.0.139
nmap -Pn --host-timeout 201 --max-retries 0  -p 3 192.168.0.139

Tidak terlihat apa2 ..

lakukan nmap lagi

Lakukan

nmap -sT -p- -A 192.168.0.139

Hasilnya,

Referensi

• https://github.com/Hamza-Megahed/CTFs/blob/master/lord-of-the-root/README