Thursday, 11 August 2016

Loophole challenge

Hi,

"We suspect that someone inside Rattus labs is working with known terrorist group. Your mission is to infiltrate into their computer network and obtain encrypted document from one of their servers. Our inside source has told us that the document is saved under the name of Private.doc.enc and is encrypted using OpenSSL encryption utility. Obtain the document and decrypt it to complete the mission."

Scanning


We can play with Samba server, web application and SSH.

Web application


















Hmmm, nothing special. If you click on here link, you will get page which contains several email addresses.
So, I have decided to run Dirb












Good, for me very interesting may be ~root, garbage and info.php files.
Unfortuately we don't have enough privileges to view ~root directory, but garbage file is very attractive for us!









Something like shadow file, isn't it?
Let's try crack it!








Great! So, let's try log in via SSH.








Excellent! So, we have to find Private.doc.enc file and decrypt it!






OK, so let's decrypt it! Maybe in .bash_history will be juicy information for us? Because tskies user encrypted the Private.doc file.



















Good, we know command which encrypted Private.doc file.
I decrypted the file and it presents engineers confidential doc :-)

Game over