Flag 4

Category

Subset of subset of hacking machines challenges

Challenge

Flag 4

We are given a URL - hackit.zh3r0.ml

Solution

Optional: Find IP address of the given domain using ping

Since it is a machine, begin with a full port scan

nmap -T4 -sC -sV -p- hackit.zh3r0.ml

Note: Not sure if I used the right [options], run nmap --help for better understanding and optimisation

This reveals all the open ports and services running on each port. Also notice that the services running are all mixed up.

22/tcp    open     http
25/tcp    filtered smtp
99/tcp    open     ssh
324/tcp   open     ftp
4994/tcp  open     unknown
11211/tcp filtered memcache

• FTP port 324 allowed anonymous login
  • Use ftp hackit.zh3r0.ml 324 to connect
  • Login with the following credentials

      user      : anonymous
      password  :
    

  • Go into PASSIVE mode using command pass
  • Use ls -la, cd, get to enumerate the hidden files, hidden directories and receives the files onto your machine
  • File .stayhidden contains an Employee ID, connect to port 4994 and use this Employee ID to obtain Flag 4
    nc 139.59.3.42 4994
Flag 4: zh3r0{y0ur_s4l4ry_wa5_cr3dit3d}