Blacklight: 1

[ vulnhub  ctf  walkthrough  ]

Goal

2 flags or 2 flags & root

????

idk, got both flags & root…after a couple of reboots :)

Download

https://www.vulnhub.com/entry/blacklight-1,242/

Walkthrough

nmap
alt text

default 80
alt text

default 80 continued
alt text

dirb
alt text

robots.txt
alt text

flag 1 and hint
alt text

console on port 9072; allows 2 commands and shuts down
alt text

annoying, let the reboots begin
alt text

able to send command outputs to readable files from web
alt text

/home shows two interesting files, console.rb & flag2-inside.jpg
alt text alt text

ps shows command to run ruby console
alt text

cp the flag2 image to be viewed via web
alt text

looks like we need to extract flag
alt text

after strings, hexedit, steghide didn’t work, the tool to use was hinted to us all along ‘outguess’
flag2 is revealed

alt text

wasn’t sure if root was necessary or possible so did it anyways
using this ruby shell i got root

alt text

Written on July 20, 2018
Share on: