OVERPASS
Some background on this lab
What happens when a group of broke Computer Science students try to make a password manager?
Obviously a perfect commercial success!
This lab has only 2 things it appears to be looking for. A User.txt flag and a root.txt flag.
First thing we are going to do it load up the virtual machine.
Next we are going to enumerate with nmap
Some interesting ports that are open are 22 (SSH) and 80 (http). 80 means we have a webpage
Next I am going to run Gobuster against the site to look for any hidden directories
Another few interesting directories listed.
The /admin brings us to a login page
Checking into the source of the page we find this information in a login.js file
With this I am going to download the tool “Cookie Editor”
After refreshing the page we are in!
With this I am going to create a new text file with that private key and attempting to ssh using that key
With this I am going to use the ssh2john python script to attempt to crack
After using john to crack we get the password james13
Using james13 as the secret key, we were able to access!
Right in the home directory we are able to locate the user.txt flag that contains thm{65c1aaf000506e56996822c6281e6bf7}