- Linux Virtual Machine
- terminal ( command tool)
- Attack Box
Tasks:
1- Find a password for a secret.txt file.
2- FIdn the content for a flag.txt file in the /root
3- Find the content of flag. txt in the /home/librarian directory.
Actions:
To get to the secret.txt we need to do some rec ( reconnaissance) using the nmap with the IP for the target machine
we see the ports that open, one of them is the FTP and we can see the ftp in the same IP address for the target machine
This will allow us also to use the command ls to get a list of the files then we can get the secret.txt and type bye or exit to get out of the ftp
To display the content we can use the command cat seceret.txt The password is as the following:ABC789xyz123
This was task (1) password for seceret.txt is
Task ( 2) is in the root so let's go there by typing
root@10.10.11.118
the password can be anything but by trying the same one ABC789xyz123 a couple of times it worked and we gained access to the target
The password won't be displayed, there is no show password option which is the challenge.
to answer task 2 and find the content of flag.txt we have to find it by looking into psw ( print working directory) then command ls to list the files then use the cat flag,txt to get the content of it which is THM{FTP_Server_Owned}
Task (3) is to find the flag.txt content in the /home/librarian let's go there by changing directory to home cd /home there we will type pwd to print the working directory there is an account that is called librarian we can ls to list what is in it flag.txt is the targeted file we can cat flag.txt to get the content: THM{Librarian_account_compromised}
As shown this is completing task 3
