But unfortunately I didnt have access to write to that directory so i moved on. My actual first thought was to replace the system32 directory program Magnify.exe with my evil payload so that at the Remote desktop login the accessibility options would become a shell. I also seemed to be able to browse to a directory with system32 files. So i decided to directly call the root directory with "cd c:".Ĭd C: correctly hopped me into a directory with loads of files available. \.\.\.\.\" and the response back indicated a fail. Failed, so I then flipped the slashes to "cd. I tried to hop out of the ftp directory structure via directory traversal attacks with "cd. After logging into the FTP server there wasnt much to play with in any available directories so i decided to try to hop out of the FTP environment. Initial FTP probing:First thing i did was log into the FTP server with credentials that were provided on the offsec page. Probably a wrong assumption, but its a good theory to cling to when things get rough KilltheN00b had various ports open including FTP, HTTP and some various mail ports.Ĩ0/tcp open http Surgemail webmail (DNews based)ġ06/tcp open pop3pw Qualcomm poppassd (Maximum users connected)ġ10/tcp open pop3 SurgeMail pop3d 3.8k4-4ġ43/tcp open imap SurgeMail imapd 3.8k4-4ģ66/tcp open smtp Surgemail smtpd 3.8k4-4ĥ87/tcp open smtp Surgemail smtpd 3.8k4-4Īll Girls Just want to have fun? Wait no that's a song LOL I logged into the offsec labs and reviewed some of the documentation on the contest page that stated there were 2 targets.Īfter a quick portscan I chose to attack killthen00b purely based on the amount of open ports available on the system. How Strong is Your FU hacker challenge Part 2Īfter some chips, salsa and a supersized burrito from el habinaro i was down for anouther challenge.
0 kommentar(er)
