TryHackMe-WgelCTF
Abdullah Rizwan, 21 August, 03:07 PM
Wgel CTF is a free box to try on TryHackMe, and it's a beginner-level box.
Look for open ports
First of all, we are going to scan the box for open ports. You can use any port scanner, but here I am using nmap. The scan is going to take some time because we scan every port on the box.
nmap -T4 -A -p- 10.10.81.198
From here we can see that there are 2 ports open
22/tcp open ssh OpenSSH 7.2p2 Ubuntu 4ubuntu2.8 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey:
| 2048 94:96:1b:66:80:1b:76:48:68:2d:14:b5:9a:01:aa:aa (RSA)
| 256 18:f7:10:cc:5f:40:f6:cf:92:f8:69:16:e2:48:f4:38 (ECDSA)
|_ 256 b9:0b:97:2e:45:9b:f3:2a:4b:11:c7:83:10:33:e0:ce (ED25519)
80/tcp open http Apache httpd 2.4.18 ((Ubuntu))
Port 80
It just shows the default HTTP server page, but if we look at the source code of this page we can find a username there: 'jessie'.
Let's enumerate directories by using dirbuster.
I am also going to perform a nikto scan for vulnerabilities on the site.
nikto -h 10.10.81.198
Result of Nikto
Nothing much came out of the nikto scan.
Result of Dirbuster
From directory busting, we came to know that there is a directory called sitemap.
I tried to brute-force directories again, but this time I used the 'common.txt' wordlist.
Here we can see that there is a directory ".ssh" with "id_rsa" under it.
Copy the whole text found here into a file and name it 'id_rsa', which is a key file for ssh. Now we can use this key on port 22, which is ssh.
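For anyone running a web server, the finding above is also something to audit for on your own document root. The following is an added example, not part of the original write-up: it walks a document root and reports files inside hidden directories and files containing private key headers. The function names and the sample layout (with ".ssh" nested under "sitemap") are assumptions constructed for illustration.

```python
import os
import stat
import tempfile

# PEM headers that mark private key material (OpenSSH and classic formats).
KEY_MARKERS = (
    b"-----BEGIN OPENSSH PRIVATE KEY-----",
    b"-----BEGIN RSA PRIVATE KEY-----",
    b"-----BEGIN EC PRIVATE KEY-----",
    b"-----BEGIN DSA PRIVATE KEY-----",
    b"-----BEGIN PRIVATE KEY-----",
)

def audit_docroot(docroot):
    """Return sorted (relative_path, reason) findings for files under a web document root."""
    findings = []
    for dirpath, _dirs, filenames in os.walk(docroot):
        for name in filenames:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, docroot)
            if any(p.startswith(".") for p in rel.split(os.sep)[:-1]):
                findings.append((rel, "inside hidden directory"))
            try:
                with open(path, "rb") as fh:
                    head = fh.read(4096)  # key headers sit at the start of the file
            except OSError:
                continue  # unreadable by the auditing user; skip it
            if any(marker in head for marker in KEY_MARKERS):
                mode = stat.S_IMODE(os.stat(path).st_mode)
                findings.append((rel, "private key material, mode %o" % mode))
    return sorted(findings)

def build_sample(root):
    """Constructed layout for the demo (assumed): <docroot>/sitemap/.ssh/id_rsa."""
    ssh_dir = os.path.join(root, "sitemap", ".ssh")
    os.makedirs(ssh_dir)
    with open(os.path.join(root, "index.html"), "w") as fh:
        fh.write("<html>default page</html>\n")
    key = os.path.join(ssh_dir, "id_rsa")
    with open(key, "w") as fh:
        fh.write("-----BEGIN RSA PRIVATE KEY-----\nCONSTRUCTED PLACEHOLDER\n-----END RSA PRIVATE KEY-----\n")
    os.chmod(key, 0o644)  # world-readable, so the web server user can serve it
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for rel, reason in audit_docroot(build_sample(tmp)):
            print(rel, "->", reason)
```

Any finding from such a check means the key should be treated as compromised: remove it from the document root and replace the key pair.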
Port 22
First of all, change the key file's permissions, because ssh will not accept a private key file whose permissions are too open.
We can now grab the user flag from here, but we are not done yet: we still have to escalate our privileges to get the root flag and complete the whole box.
Using netcat, we will listen on any port:
nc -lvp 4444
And on the target machine we will try to send that file to us.
This will be the response you will receive on your terminal.
Submit the flag in order to complete this CTF.