TryHackMe: Pickle Rick CTF


So this was the first major CTF challenge in the learning path so far and I think it really shows I have a long way to go! I admit I had to watch the walkthrough for this one. I was trying to remember all of the things I had done before and failed miserably.

I managed to remember an nmap to enumerate the room ports and discovered that an SSH port was open as well as port 80 for the webpage. I also ran a Gobuster directory scan, but tripped up by not scanning for file types, so I missed the login.php page.

Pickle Rick source code

In my enumeration I also managed to remember to look at the webpage source code and uncovered a username, so I was pretty pleased with that. However, that was where I ran into a brick wall. I couldn’t think of anything else to do here, so the walkthrough by John Hammond really helped. Following along, I managed to find my way into the site using the password uncovered in the robots.txt file, but again stumbled with the commands, as cat and nano were disabled.

I did find out a good way to view the contents of the file using a while loop and echo command which was helpful.

I then was able to run a reverse shell in Python and gain access to the server, so this allowed me to snoop around and find the other files.

Overall though, without the hand-holding of the walkthrough, I wouldn’t have done very well in this. The good thing is, most people on the walkthrough comments seemed to express the same sentiment, so I don’t feel too bad. On to the next room – password hashes and cracking!
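The cat/nano block and the while-loop workaround show why denying commands by name is a weak control. The shell sketch below is an added example, not code from the room or the walkthrough: both filters, the allowlisted commands and the file name `notes.txt` are assumptions made for illustration.

```shell
# Added example. Both filters are hypothetical; the room's real check is not shown in the post.
DENYLIST="cat nano"        # the two commands the post found disabled
ALLOWLIST="ls whoami id"   # assumed set of commands a panel might need

# Weak: allow anything that does not name a denied tool as a whole word.
denylist_allows() {
  local input word
  input=$1
  for word in $DENYLIST; do
    case " $input " in
      *[!A-Za-z0-9_]"$word"[!A-Za-z0-9_]*) return 1 ;;
    esac
  done
  return 0
}

# Stronger: only known-safe characters, and the first word must be allowlisted.
allowlist_allows() {
  local input word unsafe
  input=$1
  unsafe='*[!A-Za-z0-9_./ -]*'
  case $input in
    $unsafe) return 1 ;;
  esac
  for word in $ALLOWLIST; do
    [ "${input%% *}" = "$word" ] && return 0
  done
  return 1
}

# What the denylist misses: reading a file with shell builtins only.
read_with_builtins() {
  local line
  while IFS= read -r line || [ -n "$line" ]; do
    printf '%s\n' "$line"
  done < "$1"
}

# Constructed input: a loop of the kind the post describes (file name is made up).
SAMPLE='while read line; do echo $line; done < notes.txt'
for filter in denylist_allows allowlist_allows; do
  if "$filter" "$SAMPLE"; then echo "$filter: allowed"; else echo "$filter: rejected"; fi
done
```

The denylist passes the loop because it never names a blocked binary, while the allowlist rejects it on the first shell metacharacter.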

