Geisha Boot2root CTF
G e i s h a B o o t 2 r o o t C TF Hi Hackers. I am 0xGodson . This is My First Blog. In this blog, we are going to solve the box called Geisha! You can download this box by clicking here . level: Easy Lets Go! starting with nmap: Open Ports - 21, 22, 80, 8088 Lets enum. Ftp: Here, anonymous login Not allowed. We dont have any creds to login into ftp. Next I tired to Enum. port 80, 8088. But Nothing Interesting!(Rabbit Hole) So, what Next? - ssh So, I tried to Bruteforce ssh with hydra! I tried geisha as username. bcoz geisha is the name of the box. Ya, We found One Valid Passowrd : letmein Lets Try to ssh into the box: After some basic enum. I found a base32 has SUID. Then, I simple go to GTFOBINS , to find the exploit method! Exploitation: instead of seeing id_rsa of root, we can just see the root.txt (VN=/root/root.txt; base32 "$VN" | base32 --deco...