mirror of
https://github.com/AbdullahRizwan101/CTF-Writeups
synced 2024-11-21 19:43:03 +00:00
Add files via upload
This commit is contained in:
parent
fb539c9d95
commit
71d7d8d4fb
1 changed files with 94 additions and 0 deletions
94
TryHackMe/Develpy.md
Normal file
94
TryHackMe/Develpy.md
Normal file
|
@ -0,0 +1,94 @@
|
|||
# TryHackMe-DevelPy
|
||||
|
||||
## NMAP
|
||||
|
||||
```
|
||||
Host is up (0.15s latency).
|
||||
Not shown: 65533 closed ports
|
||||
PORT STATE SERVICE VERSION
|
||||
22/tcp open ssh OpenSSH 7.2p2 Ubuntu 4ubuntu2.8 (Ubuntu Linux; protocol 2.0)
|
||||
| ssh-hostkey:
|
||||
| 2048 78:c4:40:84:f4:42:13:8e:79:f8:6b:e4:6d:bf:d4:46 (RSA)
|
||||
| 256 25:9d:f3:29:a2:62:4b:24:f2:83:36:cf:a7:75:bb:66 (ECDSA)
|
||||
|_ 256 e7:a0:07:b0:b9:cb:74:e9:d6:16:7d:7a:67:fe:c1:1d (ED25519)
|
||||
10000/tcp open snet-sensor-mgmt?
|
||||
| fingerprint-strings:
|
||||
| GenericLines:
|
||||
| Private 0days
|
||||
| Please enther number of exploits to send??: Traceback (most recent call last):
|
||||
| File "./exploit.py", line 6, in <module>
|
||||
| num_exploits = int(input(' Please enther number of exploits to send??: '))
|
||||
| File "<string>", line 0
|
||||
| SyntaxError: unexpected EOF while parsing
|
||||
| GetRequest:
|
||||
| Private 0days
|
||||
| Please enther number of exploits to send??: Traceback (most recent call last):
|
||||
| File "./exploit.py", line 6, in <module>
|
||||
| num_exploits = int(input(' Please enther number of exploits to send??: '))
|
||||
| File "<string>", line 1, in <module>
|
||||
| NameError: name 'GET' is not defined
|
||||
| HTTPOptions, RTSPRequest:
|
||||
| Private 0days
|
||||
| Please enther number of exploits to send??: Traceback (most recent call last):
|
||||
| Please enther number of exploits to send??: Traceback (most recent call last):
|
||||
| File "./exploit.py", line 6, in <module>
|
||||
| num_exploits = int(input(' Please enther number of exploits to send??: '))
|
||||
| File "<string>", line 0
|
||||
| SyntaxError: unexpected EOF while parsing
|
||||
| GetRequest:
|
||||
| Private 0days
|
||||
| Please enther number of exploits to send??: Traceback (most recent call last):
|
||||
| File "./exploit.py", line 6, in <module>
|
||||
| num_exploits = int(input(' Please enther number of exploits to send??: '))
|
||||
| File "<string>", line 1, in <module>
|
||||
| NameError: name 'GET' is not defined
|
||||
| HTTPOptions, RTSPRequest:
|
||||
| Private 0days
|
||||
| Please enther number of exploits to send??: Traceback (most recent call last):
|
||||
| File "./exploit.py", line 6, in <module>
|
||||
| num_exploits = int(input(' Please enther number of exploits to send??: '))
|
||||
| File "<string>", line 1, in <module>
|
||||
| NameError: name 'OPTIONS' is not defined
|
||||
| NULL:
|
||||
| Private 0days
|
||||
|_ Please enther number of exploits to send??:
|
||||
1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerpri
|
||||
nt at https://nmap.org/cgi-bin/submit.cgi?new-service :
|
||||
|
||||
```
|
||||
|
||||
## PORT 10000
|
||||
|
||||
<img src="https://imgur.com/J9ACAKN.png"/>
|
||||
|
||||
__import__() is not really necessary in everyday Python programming. Its direct use is rare. But sometimes, when there is a need of importing modules during the runtime, this function comes quite handy.
|
||||
|
||||
Now we can exploit and insert this line to import os module and run bash we could do this as assigning it to a variable
|
||||
|
||||
|
||||
<img src="https://imgur.com/izJGYFf.png"/>
|
||||
|
||||
Save the `credentials.png` on your local machine
|
||||
|
||||
<img src="https://imgur.com/ogvUZML.png"/>
|
||||
|
||||
Now I had now idea what was that but I had heared of a lanaguage like that looking at the results of `exiftool` it pointed me towards `Mondrian` on googling I came to know that `Piet Mondrian` is a Dutch artist best known for his abstract paintings and googling it even more resulted in that `Piet` is some kind of programming langauge
|
||||
|
||||
|
||||
<img src="https://imgur.com/aYEyzyJ.png"/>
|
||||
|
||||
<img src="https://imgur.com/WHG87ct.png"/>
|
||||
|
||||
I found online interpreter for `piet` programming lanaguage https://www.bertnase.de/npiet/npiet-execute.php
|
||||
|
||||
But this was a rabbithole
|
||||
|
||||
<img src="https://imgur.com/0eKYhSt.png"/>
|
||||
|
||||
|
||||
Now `king`'s home directory has `run.sh` and `root.sh` what we want do is somehow put a reverse shell in root.sh because it is running as `root` user in cronbjobs everyminute so delete that file make a new one so we can edit it set up a netcat listener to capture it
|
||||
|
||||
You can use bash or netcat reverse shell , I used the netcat reverse shell
|
||||
|
||||
<img src="https://imgur.com/NIJe5m6.png"/>
|
||||
|
Loading…
Reference in a new issue