Try Hack Me: Advent of Cyber 2 [Day 9] Anyone can be Santa!

Room: Advent of Cyber 2

Difficulty: Beginner

Even Santa has been having to adopt the “work from home” ethic in 2020. To help Santa out, Elf McSkidy and their team created a file server for The Best Festival Company (TBFC) that uses the FTP protocol. However, an attacker was able to hack this new server. Your mission, should you choose to accept it, is to understand how this hack occurred and to retrace the steps of the attacker.

Question #1: Name the directory on the FTP server that has data accessible by the “anonymous” user

I started off by logging into the FTP server as “anonymous”:

After looking at the directories, we can see that there is one that is available for the user anonymous to access, which is public:

Question #2: What script gets executed within this directory?

To find the answer to this question, I changed directories into “public” and then looked at the contents. There is a script called backup.sh located within.

Question #3: What movie did Santa have on his Christmas shopping list?

To retrieve the shopping list, I used the “get” command. It is now located on my own system for me to view.

Question #4: Re-upload this script to contain malicious data (just like we did in section 9.6). Output the contents of /root/flag.txt!

I started by grabbing that file from the FTP server in the same way.

I was then able to view the contents.

I opened it up in nano so I could start some edits.

Using a Reverse Shell Cheat Sheet, I erased everything else and added something that would give me a reverse shell.

Before I send it over, though, I’m going to set up a listener using netcat. Use the same port you specified in the script.

Use Ctrl + X to close and save, then upload it to the FTP server with the “put” command. We are putting it in that same public file we have access to.

After a little bit, you will receive a connection at your listener:

From here, we just need to navigate to the flag.txt file.
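The root cause retraced above is a script that the server executes sitting in a directory the anonymous FTP user can write to. As an added example (not part of the original writeup or the room), this Python audit walks an FTP root and flags scripts such a user could modify or replace; the function names, the `ftp_uid` parameter and the sample tree are assumptions constructed for illustration.

```python
import os, stat, tempfile

def _ftp_can_write(st, ftp_uid):
    """'other' has write, or the FTP service account owns it with u+w."""
    owned = ftp_uid is not None and st.st_uid == ftp_uid
    return bool(st.st_mode & stat.S_IWOTH or owned and st.st_mode & stat.S_IWUSR)

def _is_script(path, st):
    """Any execute bit set, or the file starts with a shebang."""
    if st.st_mode & 0o111:
        return True
    with open(path, "rb") as fh:
        return fh.read(2) == b"#!"

def audit_ftp_root(root, ftp_uid=None):
    """Return sorted (relative_path, reason) for scripts an FTP user could alter."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        dst = os.stat(dirpath)
        # Sticky bit stops non-owners replacing files in a world-writable directory.
        owner = ftp_uid is not None and dst.st_uid == ftp_uid and dst.st_mode & stat.S_IWUSR
        other = dst.st_mode & stat.S_IWOTH and not dst.st_mode & stat.S_ISVTX
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if not stat.S_ISREG(st.st_mode) or not _is_script(path, st):
                continue
            rel = os.path.relpath(path, root)
            if _ftp_can_write(st, ftp_uid):
                findings.append((rel, "script writable by FTP user"))
            elif owner or other:
                findings.append((rel, "directory lets FTP user replace script"))
    return sorted(findings)

def build_sample_tree():
    """Constructed tree: a script in an open 'public' dir and in a closed 'admin' dir."""
    root = tempfile.mkdtemp()
    for d, dmode in (("public", 0o777), ("admin", 0o755)):
        os.mkdir(os.path.join(root, d))
        script = os.path.join(root, d, "backup.sh")
        with open(script, "w") as fh:
            fh.write("#!/bin/bash\n# constructed sample\n")
        os.chmod(script, 0o755)
        os.chmod(os.path.join(root, d), dmode)
    with open(os.path.join(root, "public", "list.txt"), "w") as fh:
        fh.write("constructed data file\n")
    return root

if __name__ == "__main__":
    print(audit_ftp_root(build_sample_tree()))
```

On a real server, pass the uid of the account that anonymous sessions run as, so uploads owned by that account are caught as well as world-writable ones.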

Happy Hacking! ❤
