Geisha Boot2root CTF


Hi hackers. I am 0xGodson. This is my first blog.

In this blog, we are going to solve the box called Geisha!

You can download this box by clicking here.

 

Level: Easy

Let's go!

Starting with nmap:

 

 

Open Ports - 21, 22, 80, 8088

Let's enumerate FTP:


 

 

 

Here, anonymous login is not allowed, and we don't have any creds to log in to FTP.

Next I tried to enumerate ports 80 and 8088.

But nothing interesting! (Rabbit hole)

So, what next? SSH.

So, I tried to brute-force SSH with hydra!

I tried geisha as the username, because geisha is the name of the box.




  

Yes, we found one valid password: letmein

Let's try to SSH into the box:





After some basic enumeration, I found that base32 has the SUID bit set.




 
 
Then I simply went to GTFOBins to find the exploit method!
 
Exploitation:
 


 
 
 
 
 
Instead of reading root's id_rsa, we can just read root.txt (VN=/root/root.txt; base32 "$VN" | base32 --decode)

With the id_rsa, we can log in as root via SSH!
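The SUID finding above, seen from the admin's side: an added example (not part of the original post) that lists SUID files under a directory and flags the ones that are plain file-reading utilities such as base32. The function names and the utility list are assumptions made for this example, and the list is not exhaustive.

```shell
#!/bin/sh
# Added example: audit SUID files and flag file-reading utilities.
# READERS is a constructed, non-exhaustive list (assumption); base32 is the
# utility that carried the SUID bit on this box.
READERS="base32 base64 cat head tail more less xxd od strings cp dd"

# flag_suid_readers: read one path per line on stdin and print the paths
# whose basename is in READERS, together with the command that fixes them.
flag_suid_readers() {
    while IFS= read -r path; do
        [ -n "$path" ] || continue
        name=${path##*/}
        for r in $READERS; do
            if [ "$name" = "$r" ]; then
                printf 'FLAG %s (fix: chmod u-s %s)\n' "$path" "$path"
            fi
        done
    done
}

# audit_suid DIR: find regular files under DIR with the SUID bit set and
# pass them through the check above. -xdev keeps find on one filesystem.
audit_suid() {
    find "${1:-/}" -xdev -type f -perm -4000 2>/dev/null | flag_suid_readers
}

# Constructed sample input, so the check can be seen without scanning a host.
sample_paths() {
    printf '%s\n' /usr/bin/passwd /usr/bin/base32 /usr/bin/sudo /usr/bin/mount
}

sample_paths | flag_suid_readers
```

On a real host, run `audit_suid /` as root so find can read every directory.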

 
 
  
 
         
 
Hope You Enjoyed!
 
See you in the next blog!
 
 
 
   
