Vulnhub: Glasgow Smile 2

H0j3n
7 min readAug 6, 2020

The machine is designed to be a DC tribute but also a kind of real-life techniques container. You will find also a bunch of CTF style challenges. You need to have enough information about Linux enumeration, PTES and encryption for privileges escalation.

Enumeration

Let’s do nmap first and see what do we get.

22 tcp   open     ssh
80/tcp open http
83/tcp open http

Port 80 (Http)

When we get into the website we can see its blank like this with the GS2 new logo. The page source also did not give us anything. So let's try to enumerate the directory.

Dirsearch

So we got one text file which is todo.txt

todo.txt

By looking at todo.txt we know that there is an automatic script that could be an extension of sh. Use the most popular wordlist! — rockyou

Wfuzz

We found joke.sh!

Inside joke.sh

What we can get from this script is firstly a new directory and also there is a cap file somewhere. So let’s get that pcap file!

Wfuzz

Nice! we found the pcap file. So lets open that pcap using Wireshark. You can open it like this.

wirehsark smileyface.pcap

--

--

H0j3n

CTF Player 🚩 || TRYHACKME || HACKTHEBOX || VULNHUB || STUDENT