Writeup Aria

Psycho Break

room

solution

enumeration

HOST=10.49.102.4
TARGET=10.49.148.145

nmap -sV -p- -T4 $TARGET
# PORT   STATE SERVICE VERSION
# 21/tcp open  ftp     ProFTPD 1.3.5a
# 22/tcp open  ssh     OpenSSH 7.2p2 Ubuntu 4ubuntu2.10 (Ubuntu Linux; protocol 2.0)
# 80/tcp open  http    Apache httpd 2.4.18 ((Ubuntu))

ftp

searchsploit proftpd 1.3.5a
ftp $TARGET
# Anonymous login not allowed

Access Web

<!-- Sebastian sees a path through the darkness which leads to a room => /sadistRoom -->

Key to locker Room => 532219a04ab7a02b56faafbec1a4c1ea

It suddenly turns into an escape room.

Locker Room
Sebastian is hiding inside a locker to make it harder for the sadist to find him. While Sebastian was inside the locker he found a note. That looks like a map of some kind.

Decode this piece of text "Tizmg_nv_zxxvhh_gl_gsv_nzk_kovzhv" and get the key to access the map

Click here to view the map ...

Decode it with the Atbash cipher:

Grant_me_access_to_the_map_please
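
The decoding step above as an added Python example (not part of the original writeup). It goes beyond Atbash alone: it also tries every Caesar shift and keeps the candidate containing the most common English words, which identifies the cipher when no hint is given. The word list and all function names are assumptions made for this example.

```python
import re
import string

LOWER = string.ascii_lowercase
# Constructed for this example: a tiny list of common English words used for scoring.
COMMON_WORDS = {"the", "to", "of", "and", "in", "is", "it", "me", "you", "for"}


def substitute(text, alphabet):
    """Apply a 26-letter substitution alphabet, keeping case and non-letters."""
    table = str.maketrans(LOWER + LOWER.upper(), alphabet + alphabet.upper())
    return text.translate(table)


def atbash(text):
    """Atbash maps a<->z, b<->y, ... so it is its own inverse."""
    return substitute(text, LOWER[::-1])


def caesar(text, shift):
    """Shift every letter forward by `shift` positions."""
    return substitute(text, LOWER[shift:] + LOWER[:shift])


def score(text):
    """Count how many tokens of the candidate are common English words."""
    words = re.findall(r"[a-z]+", text.lower())
    return sum(word in COMMON_WORDS for word in words)


def identify(ciphertext):
    """Return (cipher name, plaintext) for the best-scoring candidate."""
    candidates = [("atbash", atbash(ciphertext))]
    candidates += [(f"caesar-{s}", caesar(ciphertext, s)) for s in range(1, 26)]
    return max(candidates, key=lambda item: score(item[1]))


if __name__ == "__main__":
    # Ciphertext taken from the Locker Room page quoted above.
    name, plaintext = identify("Tizmg_nv_zxxvhh_gl_gsv_nzk_kovzhv")
    print(name, plaintext)
```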

Map Room

Safe Heaven
<!-- I think I'm having a terrible nightmare. Search through me and find it ... -->

wget http://10.49.148.145/SafeHeaven/safehousecover.jpg
wget http://10.49.148.145/SafeHeaven/imgs/gal1.jpg
wget http://10.49.148.145/SafeHeaven/imgs/gal2.jpg
wget http://10.49.148.145/SafeHeaven/imgs/gal3.jpg

exiftool safehousecover.jpg
exiftool gal?.jpg
foremost *.jpg -T

Let's just try discovering the path with a wordlist built by CeWL:

git clone https://github.com/digininja/CeWL
cd CeWL
gem install bundler
bundle install
chmod u+x ./cewl.rb

./cewl.rb https://theevilwithin.fandom.com/wiki/Sadist -w wiki.dct
ffuf -w wiki.dct -u http://$TARGET/FUZZ -v

The Abandoned Room

Answer Questions

Recon

  • How many ports are open?

3

  • What is the operating system that runs on the target machine?

Ubuntu

Web

  • Key to the locker room

532219a04ab7a02b56faafbec1a4c1ea

  • Key to access the map

Grant_me_access_to_the_map_please

  • The Keeper Key
  • What is the filename of the text file (without the file extension)

Help Mee

Get that poor soul out of the cell.

  • Who is locked up in the cell?
  • There is something weird with the .wav file. What does it say?
  • What is the FTP Username
  • What is the FTP User Password

Crack it open

Brute Brute Brute.

  • The key used by the program
  • What do the crazy long numbers mean when they're decrypted?

Go Capture The Flag

  • user.txt
  • root.txt
