Bob: 1.0.1

[ vulnhub  ctf  walkthrough  ]

Goal

/flag.txt

Download

https://www.vulnhub.com/entry/bob-101,226/

Walkthrough

nmap
alt text

default 80 page under construction
alt text

login page disabled
alt text

dirb reveals robots
alt text

robots reveals more
alt text

note about web shell
alt text

web shell doesn’t accept basic command
alt text

accepts full path to command; passwords page revealed
alt text

this page was removed by bob
alt text

bob has old copy
alt text

user creds revealed
alt text

ssh as seb
alt text

user elliot home directory with interesting file
alt text

interesting file reveals elliot password
alt text

su elliot
alt text

user bob home directory with gpg encrypted login file
alt text

notes script buried in folders
alt text

notes script is random, except all capital laters spells HARPOCRATES
alt text

secret word used against gpg file; reveals bob password
alt text

su bob
alt text

simple sudo gives root and flag revealed
alt text

Written on June 20, 2018
Share on: