Sws101_ctf_journal6
Valley
Summary
- Enumeration website get hidden directory
- Use creds login ftp –> creds –> user.txt
- Login SSH, analyse binary file -> creds
- Change user –> check cronjob –> python import file –> root.txt
Following are the prove for the steps that I followed.
Scanning
Web Enumeration
we can see that a username and password are left in the file
Trying to login to FTP with those creditials.
Using Wireshark to proceed further.
we got the user.txt
This post is licensed under CC BY 4.0 by the author.