Game Zone

Click here if you’re interested in the room!

This guide is meant to be used as a supplement for learning. Please tackle the room on your own before reading it!

  1. What is the name of the large cartoon avatar holding a sniper on the forum?
  2. When you’ve logged in, what page do you get redirected to?
  3. In the users table, what is the hashed password?
  4. What was the username associated with the hashed password?
  5. What was the other table name?
  6. What is the de-hashed password?
  7. What is the user flag?
  8. How many TCP sockets are running?
  9. What is the name of the exposed CMS?
  10. What is the CMS version?
  11. What is the root flag?

1) What is the name of the large cartoon avatar holding a sniper on the forum?

Using reverse image search:

Agent 47

2) When you’ve logged in, what page do you get redirected to?

portal.php

3) In the users table, what is the hashed password?

First we intercept the request with Burp Suite and save it, then use sqlmap to dump the database.

ab5db915fc9cea6c78df88106c6500c57f2b52901ca6c0c6218f04122c3efd14

4) What was the username associated with the hashed password?

agent47

5) What was the other table name?

post

6) What is the de-hashed password?

Using Hash-Identifier, we can see that it is SHA-256 or HAVAL-256.

Then, using John to crack the password:

videogamer124
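
Added example (not part of the original write-up): a Python sketch of why a 64-character hex digest is ambiguous by length alone, how a known plaintext confirms the algorithm, and what salted PBKDF2 storage looks like in place of a bare SHA-256. The function names, the `SAME_LENGTH` list and the PBKDF2 iteration count are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os

# Values quoted in the write-up above.
PAGE_HASH = "ab5db915fc9cea6c78df88106c6500c57f2b52901ca6c0c6218f04122c3efd14"
PAGE_PASSWORD = "videogamer124"

# hashlib algorithms that all emit 32 bytes (64 hex characters). HAVAL-256 is
# not in hashlib, but it has the same length, hence the identifier's two guesses.
SAME_LENGTH = ("sha256", "sha3_256", "blake2s")


def matching_algorithms(hex_digest, known_plaintext):
    """Return the unsalted algorithms whose digest of known_plaintext matches."""
    want = bytes.fromhex(hex_digest)
    return [
        name for name in SAME_LENGTH
        if hmac.compare_digest(hashlib.new(name, known_plaintext.encode()).digest(), want)
    ]


def unsalted_sha256(password):
    """Weak storage: fast and deterministic, so equal passwords share one digest."""
    return hashlib.sha256(password.encode()).hexdigest()


def hash_password(password, salt=None, iterations=600_000):
    """Hardened storage: per-user random salt plus a deliberately slow KDF."""
    salt = salt if salt is not None else os.urandom(16)
    derived = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, derived


def verify_password(password, salt, stored, iterations=600_000):
    """Recompute with the stored salt and compare in constant time."""
    return hmac.compare_digest(hash_password(password, salt, iterations)[1], stored)


if __name__ == "__main__":
    # Check the page's hash against the page's recovered password.
    print("unsalted match:", matching_algorithms(PAGE_HASH, PAGE_PASSWORD))
    salt_a, digest_a = hash_password(PAGE_PASSWORD)
    salt_b, digest_b = hash_password(PAGE_PASSWORD)
    print("same password, same stored value?", digest_a == digest_b)
    print("verifies:", verify_password(PAGE_PASSWORD, salt_a, digest_a))
```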

7) What is the user flag?

SSH into the machine using the credentials found:

login: agent47
password: videogamer124

649ac17b1480ac13ef1e4fa579dac95c

8) How many TCP sockets are running?

ss -tulpn | grep tcp

ANSWER:

5

9) What is the name of the exposed CMS?

Webmin

10) What is the CMS version?

Logging in with the previous credentials, we can see the answer is:

1.580

11) What is the root flag?

searchsploit webmin 1.580 -w

Corresponding: CVE-2012-2982

Set RHOSTS, USERNAME and PASSWORD as needed, and SSL to false.

Set the payload to cmd/unix/reverse, then set LHOST.

a4b945830144bdd71908d12d902adeee
This post is licensed under CC BY 4.0 by the author.