Friday, 8 July 2016

Violator:1 challenge

Welcome to another boot2root / CTF; this one is called Violator.

Scanning phase
As always, an aggressive scan of all ports with service versions.

Not complex :-) Anonymous login is not allowed for the FTP service, so let's begin with the web application.

The default web page looks nice. I spent a lot of time researching the Violator album (Depeche Mode). I ran dirbuster and dirb, but I didn't get any juicy information. I was a little confused: we cannot conduct an effective FTP brute-force, because we know neither the username nor the password. Fortunately I saw that we are dealing with FTP 1.3.5, so let's find an exploit. I found an effective exploit, but unfortunately it is a Metasploit module.

OK! Limited shell. We are able to penetrate deeper into our target. I was looking for a chance to escalate our privileges, but unfortunately without success. I did find one very important thing: a list of usernames.

We know that the users af, aw, dg and mg exist. We don't know their passwords, so let's go back to FTP and perform a brute-force attack. I prepared our password list using album names and lyrics from the wiki.
Excellent! We know 4 valid credentials!
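From the defender's side, the brute-force step above leaves an obvious trace: one source hammering the FTP service with failed logins against every username it has learned, then suddenly succeeding. The following is an added example (not code from the original post) that runs a simple detector over constructed FTP login records in a generic `timestamp src_ip user=... result=...` shape, which is an assumed format rather than any particular FTP daemon's real log format.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (assumed generic format, not a real daemon's output).
# One source tries every known user quickly; the other is a single normal login.
SAMPLE_LOG = """\
2016-07-08 10:00:01 203.0.113.5 user=af result=FAIL
2016-07-08 10:00:02 203.0.113.5 user=aw result=FAIL
2016-07-08 10:00:03 203.0.113.5 user=dg result=FAIL
2016-07-08 10:00:04 203.0.113.5 user=mg result=FAIL
2016-07-08 10:00:05 203.0.113.5 user=af result=FAIL
2016-07-08 10:00:06 203.0.113.5 user=af result=OK
2016-07-08 10:05:00 198.51.100.7 user=af result=FAIL
2016-07-08 10:06:00 198.51.100.7 user=af result=OK
"""

LINE_RE = re.compile(r"^(\S+ \S+) (\S+) user=(\S+) result=(FAIL|OK)$")


def parse(text):
    """Turn log lines into (timestamp, src_ip, user, result) tuples; skip junk lines."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
            events.append((ts, m.group(2), m.group(3), m.group(4)))
    return events


def detect_bruteforce(events, window=timedelta(minutes=1), max_failures=4, min_users=3):
    """Flag a source that has >= max_failures failed logins within `window`,
    or failures against >= min_users distinct usernames (spraying a known user list)."""
    fails_by_src = defaultdict(list)
    for ts, src, user, result in events:
        if result == "FAIL":
            fails_by_src[src].append((ts, user))
    alerts = {}
    for src, fails in fails_by_src.items():
        fails.sort()
        users = sorted({u for _, u in fails})
        start, peak = 0, 0                       # sliding window over sorted failures
        for end in range(len(fails)):
            while fails[end][0] - fails[start][0] > window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= max_failures or len(users) >= min_users:
            alerts[src] = {"failures": len(fails), "peak_in_window": peak, "users": users}
    return alerts
```

Raising the thresholds or shortening the window tunes the trade-off between catching slow sprays and false positives from users who mistype a password a few times.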