[Day 14] Advent of Cyber 3 (2021) | TryHackMe

 

Networking

Dev(Insecure)Ops

 

 

 

---

Story

McDev - the head of the dev team, sends an alarming email stating that they're unable to update the best festival company's external web application. Without this update, no one can view the Best Festival Company's plan. The dev team has been using a CI/CD server to automatically push out updates to the server but the CI/CD server has been compromised. Can you help them get their server back?

 

Learning Objectives

1. Understanding the CI/CD concept
2. Overview of risks associated with CI/CD
3. Having a basic understanding of CI/CD exploitation vectors

 

Answer the questions below

Q.) How many pages did the dirb scan find with its default wordlist?

A.)  4 

Process:- Start the machine and do a directory scan with dirb.

dirb http://10.10.28.203

 

---

 

Q.) How many scripts do you see in the /home/thegrinch/scripts folder?

A.)  4 

Process:- When you'll start the machine, you'll get an ssh connected terminal or you can do a new ssh connection with the credentials below:

username: mcskidy
password: Password1

Here, change directory to /home/thegrinch/scripts,

 

Got 4 scripts.

 

 

 

 

 

---

Q.) What are the five characters following $6$G in pepper's password hash?

A.)  ZUP42 

Process:- Go to http://10.10.131.104/admin and you will see the output of the loot.sh script.

http://10.10.131.104/admin

Now, As you can see that we have permission to write the loot.sh file so, let's read the /etc/shadow file.

loot.sh

Now, refresh the http://10.10.131.104/admin page and you'll get the five characters following $6$G in pepper's password hash

---

Q.) What is the content of the flag.txt file on the Grinch's user's desktop?

A.)  DI3H4rdIsTheBestX-masMovie! 

Process:- Use the same vulnerability to read the flag.txt file.

loot.sh

---

Thanks for reading.

Have a great day :-)