Rattus: Loophole – Walkthrough

By Homeless | Walkthrough
January 8, 2018

Even when I have a lot to do, I try to learn more about security holes. The VM description for this challenge mentions OpenSSL encryption. I already have some experience with OpenSSL decryption from De-ICE 100. So what is different about OpenSSL on this box? Let's try to find the encrypted message.

The target IP is 10.8.7.2.

Do you know how important nmap is? For me, it is time to scan with nmap again.

Explore port 80 and scan the directories with DirBuster.

I checked all the links and found a shadow file at the garbage URL.

root:$1$x2YBL0KB$E7QI7AF9ZeiqcfMRQ4KZ11:15018:0:::::
smmsp:!!:9797:0:::::
mysql:!!:9797:0:::::
rpc:!!:9797:0:::::
sshd:!!:9797:0:::::
apache:!!:9797:0:::::
nobody:!!:9797:0:::::
mhog:$1$ZQAbXwf3$TgcNjljKW.2tlJw4OICDr1:15019:0:::::0
tskies:$1$ZvNtdn0x$ck5hnAwXg.OLQPOtg28Hb.:15019:0:::::0

Great! Nice catch. Crack the shadow file with John the Ripper.

After a few minutes of cracking, I got the root password, so I logged in with it over SSH.
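The `$1$` prefix on the three password fields above marks the legacy md5crypt scheme in crypt(3) modular format. The audit script below is an added example, not part of the original walkthrough: it parses shadow entries and reports accounts whose hashes use a weak or unrecognised scheme. The function names and the choice of which schemes count as findings are assumptions of this example.

```python
from datetime import date, timedelta

# crypt(3) modular-format identifiers ($id$salt$hash) and the scheme they select.
SCHEMES = {"1": "md5crypt", "2a": "bcrypt", "2b": "bcrypt", "2y": "bcrypt",
           "5": "sha256crypt", "6": "sha512crypt", "y": "yescrypt"}
# Schemes this audit reports as findings (an assumption of this example).
WEAK = {"md5crypt", "descrypt", "empty", "unknown"}

# Four of the entries from the shadow file shown in the walkthrough.
SAMPLE = """\
root:$1$x2YBL0KB$E7QI7AF9ZeiqcfMRQ4KZ11:15018:0:::::
smmsp:!!:9797:0:::::
mhog:$1$ZQAbXwf3$TgcNjljKW.2tlJw4OICDr1:15019:0:::::0
tskies:$1$ZvNtdn0x$ck5hnAwXg.OLQPOtg28Hb.:15019:0:::::0
"""

def classify(field):
    """Name the scheme behind the password field of one shadow entry."""
    if field == "":
        return "empty"                  # account has no password at all
    if field[0] in "!*":
        return "locked"                 # password login disabled
    if field.startswith("$"):
        return SCHEMES.get(field.split("$")[1], "unknown")
    # Traditional DES crypt has no prefix and is exactly 13 characters.
    return "descrypt" if len(field) == 13 else "unknown"

def audit(shadow_text):
    """Return (user, scheme, last_change_date) for every weak entry."""
    findings = []
    for line in shadow_text.splitlines():
        fields = line.strip().split(":")
        if len(fields) < 3:
            continue                    # not a shadow entry
        user, pw, lastchg = fields[:3]
        scheme = classify(pw)
        if scheme not in WEAK:
            continue
        # Field 3 counts days since 1970-01-01.
        changed = (date(1970, 1, 1) + timedelta(days=int(lastchg))
                   if lastchg.isdigit() else None)
        findings.append((user, scheme, changed))
    return findings

if __name__ == "__main__":
    for user, scheme, changed in audit(SAMPLE):
        print(f"{user}: {scheme}, password last changed {changed}")
```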

The login succeeded and I found the file Private.doc.en. This file has to be decrypted with a password. I tried the 2 passwords I had on it. I noticed the encrypted file was under the tskies folder, so I used the password of tskies and wrote a bat file to find out the algorithm.

After that, I had the decrypted file.

I uploaded the file and viewed it with an online doc viewer.

The PDF can be downloaded here: priv

Thanks for reading. Happy Hacking.
