Security Analyst | Security Researcher | CRTP

Proving grounds Practice: Algernon

Proving grounds Practice - Algernon CTF writeup.

Nmap

PORT      STATE SERVICE       VERSION
21/tcp    open  ftp           Microsoft ftpd => Anonymous login
80/tcp    open  http          Microsoft IIS httpd 10.0
135/tcp   open  msrpc         Microsoft Windows RPC
139/tcp   open  netbios-ssn   Microsoft Windows netbios-ssn
445/tcp   open  microsoft-ds?
5040/tcp  open  unknown
9998/tcp  open  http          Microsoft IIS httpd 10.0
17001/tcp open  remoting      MS .NET Remoting services
49664/tcp open  msrpc         Microsoft Windows RPC
49665/tcp open  msrpc         Microsoft Windows RPC
49666/tcp open  msrpc         Microsoft Windows RPC
49667/tcp open  msrpc         Microsoft Windows RPC
49668/tcp open  msrpc         Microsoft Windows RPC
49669/tcp open  msrpc         Microsoft Windows RPC

Directory Fuzzing

http://192.168.172.65/aspnet_client/
http://192.168.172.65:9998/interface/root#/login

PORT: 9998

img

Searchsploit

img

Change the IP addressess and PORT in the exploit code and run netcat listener on the PORT specified.

img

Run the python exploit.

img

Shell Obtained

Thanks for reading!

For more updates and insights, follow me on Twitter: @thevillagehacker.