Sida loo Hacking Gareeyo Thoth-Tech: 1 VulnHub
Master advanced techniques and methodologies in ctf challenges
Overview
Thoth-Tech: 1 waa mashiin heerka fudud (Easy) ah oo loogu talagalay in lagu barto aasaaska baaritaanka network-ka, jebinta erey-siraha (brute-forcing), iyo kor u qaadista xuquuqda (Privilege Escalation).
> ⚠️ Hadhka Digniinta: Maqaalkan waxaa loogu talagalay oo kaliya waxbarasho. Weligaa ha isku dayin inaad jabsato nidaam aadan ogolaansho u haysan.
Machine Information
- Platform: VulnHub
- Difficulty: Easy
- Machine Creator: Pwnlab.me
- Download: [Thoth-Tech.ova](https://download.vulnhub.com/thothtech/Thoth-Tech.ova)
Step 1: Enumeration (Baaritaanka)
Waxaan ku bilaabaynaa network scan si aan u ogaano IP address-ka mashiinka nugul anagoo isticmaalaya netdiscover:
netdiscover -r 192.168.1.0/24Xaaladdeyda, IP address-ka waa: 192.168.1.7.
nmap -A -sV 192.168.1.7Waxaan helnay 3 port oo furan. Waxaan go'aansaday inaan ku bilaabo FTP server-ka maadaama uu furan yahay port 21 oo ay ku jirto tilmaan (note.txt).
Step 2: FTP Access
Waxaan u galnay FTP-ga anagoo isticmaalaya anonymous login:
ftp 192.168.1.7- Username: anonymous
- Password: (maran)
Markaan soo dejisay faylkii note.txt, waxaan helnay hint sheegaya in username-ku yahay pwnlab isla markaana password-ku uu aad u daciif yahay.
Step 3: Foothold (Gudaha u Galka)
Maadaama password-ku uu daciif yahay, waxaan isticmaalay Hydra si aan u brute-force gareeyo SSH-ga anigoo isticmaalaya liiska rockyou.txt:
hydra -l pwnlab -P /usr/share/wordlists/rockyou.txt ssh://192.168.1.7Step 4: Privilege Escalation (Root Access)
Markaan SSH ugu galnay mashiinka, waxaan iska baarnay sudoers list-ka:
sudo -lsudo find . -exec /bin/sh ; -quitBOOM! Waxaan helnay Root Shell. Waxaan helnay flag-ga root-ka ee directory-ga /root.
Conclusion
Mashiinkani ma ahayn mid aad u adag, laakiin wuxuu muujinayaa muhiimadda ay leedahay in si fiican loo akhriyo tilmaamaha (hints). Haddii aan ku bilaabi lahaa port 80, waxay u badneyd inaan dhibtoon lahaa.
Waad ku mahadsantihiin akhriska!