Index

TAMU CTF 2019 Writeups

  1. Pwn
    1. Pwn1
    2. Pwn2
    3. Pwn3
    4. Pwn4
    5. Pwn5
  2. Network/pentest
    1. Stop and listen
    2. Wordpress
    3. Calculator

Calculator

Challenge Description:

Using a teletype network protocol from the 70s to access a calculator from the 70s? Far out!
Note to new players: You won't see anything in Wireshark / tcpdump when you initially connect. (i.e. packets are sent unicast on a bridged network)

openvpn ConfigFile:

Configure the .ovpn file

Give a quick nmap to 172.30.0.0/24 give you a list of ips in network... in which one is listening at port 23 i.e Telnet

Telnet is vulnerable to Creadential harvesting using MITM .... so I did an MITM ATACK to server to see what was going b/w computers on network(Actually there were only two computers)

I used ettercap for that.... After setting up MItm i just see the connection and guess what some one just logged in to telnet server using alice username and password....

images/4-1.png

So username is alice and password is 58318008

so i logged in with these creadential in telnet server

images/4-2.png

after wasting around 20 minutes in finding some suid binaries and other vulnerability.....
it came out that it was pretty easy challenge... all i have to do is see hidden files in home directory....so
images/4-3.png

so there was the flag...
it can be a better challenge.....
www.000webhost.com