Psycho Break
Psycho Break
solution
enumeration
HOST=10.49.102.4
TARGET=10.49.148.145
nmap -sV -p- -T4 $TARGET
# PORT STATE SERVICE VERSION
# 21/tcp open ftp ProFTPD 1.3.5a
# 22/tcp open ssh OpenSSH 7.2p2 Ubuntu 4ubuntu2.10 (Ubuntu Linux; protocol 2.0)
# 80/tcp open http Apache httpd 2.4.18 ((Ubuntu))ftp
searchsploit proftpd 1.3.5a
ftp $TARGET
# Anonymous login not allowedAccess Web

<!-- Sebastian sees a path through the darkness which leads to a room => /sadistRoom -->
Key to locker Room => 532219a04ab7a02b56faafbec1a4c1eatiba tiba berubah jadi escape room


Locker Room
Sebastian is hiding inside a locker to make it harder for the sadist to find him. While Sebastian was inside the locker he found a note. That looks like a map of some kind.
Decode this piece of text "Tizmg_nv_zxxvhh_gl_gsv_nzk_kovzhv" and get the key to access the map
Click here to veiw the map ...decode dengan abtash cipher
Grant_me_access_to_the_map_pleaseMap Room

Safe Heaven
<!-- I think I'm having a terrible nightmare. Search through me and find it ... -->
wget http://10.49.148.145/SafeHeaven/safehousecover.jpg
wget http://10.49.148.145/SafeHeaven/imgs/gal1.jpg
wget http://10.49.148.145/SafeHeaven/imgs/gal2.jpg
wget http://10.49.148.145/SafeHeaven/imgs/gal3.jpg
exiftool safehousecover.jpg
exiftool gal?.jpg
foremost *.jpg -Tkita coba lakukan path saja dengan cwl
git clone https://github.com/digininja/CeWL
cd CeWL
gem install bundler
bundle install
chmod u+x ./cewl.rb
./cewl.rb https://theevilwithin.fandom.com/wiki/Sadist -w wiki.dct
ffuf -w wiki.dct -u http://$TARGET/FUZZ -vThe Abandoned Room
Answer Questions
Recon
- How many ports are open?
3
- What is the operating system that runs on the target machine?
Ubuntu
Web
- Key to the looker room
532219a04ab7a02b56faafbec1a4c1ea
- Key to access the map
Grant_me_access_to_the_map_please
- The Keeper Key
- What is the filename of the text file (without the file extension)
Help Mee
Get that poor soul out of the cell.
- Who is locked up in the cell?
- There is something weird with the .wav file. What does it say?
- What is the FTP Username
- What is the FTP User Password
Crack it open
Brute Brute Brute.
- The key used by the program
- What do the crazy long numbers mean when there decrypted.
Go Capture The Flag
- user.txt
- root.txt