CTF 1 - System / Host Based Attacks

Question 1

User 'bob' might not have chosen a strong password. Try common passwords to gain access to the server where the flag is located.

First run an Nmap scan, we can see that port 80 is open and that WebDAV is running. We know that we need to brute-force bob's password so we can use Hydra to do so. Now we can login using cadaver to find the first flag.

Question 2

Valuable files are often on the C: drive. Explore it thoroughly.

We can use davtest to see what files we can upload. Then we can use the webshell.asp file and upload it to the server via cadaver. We can then execute it on the server.

Question 3

By attempting to guess SMB user credentials, you may uncover important information that could lead you to the next flag.

We first will run an Nmap scan and we can see that SMB is running on port 445. We can then use the Metasploit module smb_login to brute-force credentials. We can connect via smbclient and list the shares. We can explore the C$ share.

Question 4

The Desktop directory might have what you're looking for. Enumerate its contents.

We can now navigate to the administrators account and look in the Desktop folder.

Previous3.1 System / Host Based Attacks NextCTF 2 - System / Host Based Attacks

Last updated 9 days ago