Skip to main content

CTF – Hacking Necromancer

Capture The Flag - Necromancer. Practicing my penetration testing skills to hack a target machine.  Here's my test environment in my own private virtual network.
I setup my Kali Linux in host virtual network and my target machine (Necromancer) which I downloaded a OVA image from VulnHub website.
When I started my Kali Linux virtual machine, I have an assigned IP Address 192.168.231.129. This most likely a different IP address when you setup your own private network. And my target machine Necromancer IP address is 192.168.231.128. I saw this when I started the Necromancer virtual machine. This save me some time to scan all /24 within my network.
Anyway, if you still want to scan your network you can use "netdiscover" tool. If you're not sure what options to use simply run "netdiscover --help". Okay, got it? Now run # netdiscover -r 192.168.231.0/24 [Enter] to scan your private network. Here's the result of my network. I run "ifconfig" in my Kali to know the assigned IP address, then the other IP most likely for my target network.
192.168.231.1 00:50:56:c0:00:01 1 60 VMware, Inc.
192.168.231.128 00:0c:29:a5:8c:67 1 60 VMware, Inc.
192.168.231.129 00:50:56:f0:0a:96 1 60 VMware, Inc.
With this information I can simply run nmap to my target IP address.
que-com-ctp-necromancer
Note: IP Address renewal in 900 seconds.
Now my private network, Kali and target machine are ready. Let's begin hacking my target machine.
From Kali Linux virtual machine run # nmap 192.168.231.29 to see what I can discover.
que-com-ctp-necromancer-nmap
I found port 80 open and 1 host up. That's a good start. Let's run # nmap -sU -n -r -T4 192.168.231.128
que-com-ctp-necromancer-nmap-doom
Now it's getting interesting. I found UDP port 666 a service for doom.
Let's fire up netcat using the newly discovered UDP port 666 # nc 192.168.231.128 666 [Enter].
que-com-ctp-necromancer-netcat
Hmm. Nothing happen. I wonder what's going on in the background. One way to find out, let's run our network snipping tool wireshark. I filter the result using my target machine IP Address 192.168.231.128 and found out it is trying to connect to the destination port 4444.
que-com-ctp-necromancer-wireshark
I open another terminal window, and setup to listen using port 4444 # nc -lvp 4444 [Enter]. And re-run # nc -u 192.168.231.128 666 [Enter], then wait to see the output in listening terminal window.
This is the result.
que-com-ctp-necromancer-netcat-captureddata
My first guess, it is a base64 code. I copied the code to my dumptext.txt file. And run #base64 -d -i dumptext.txt [Enter]
Woohh. I got the first flag.
que-com-ctp-necromancer-flag1
I copied  flag1{e6078b9b1aac915d11b9fd59791030bf}  to my flags.txt file for recording purpose, just like a trophy :)


Thank you.

Comments

Popular posts from this blog

Alternative Social Networks

If you are planning to create your  social network  e.g. similar to Facebook. Here's a short list of alternative software's: Open Source and Free​ http://buddypress.org/  - Wordpress (Open Source and Free) http://elgg.org/  - (Open Source and Free) Commercial Social Networks software http://www.socialengine.com/  ($299 Stand Alone, $29/mo Cloud) http://www.jomsocial.com/  (run with Joomla, need to know CMS) http://www.boonex.com/  (very expensive, $399 for Standard) http://www.anahitapolis.com/ http://www.oxwall.org/ http://sharetronix.com/ http://www.moosocial.com/ http://www.jcow.net/ http://phpdolphin.com http://www.grou.ps  (from free to Commercial, I left my networks and they are selling it  http://www.phpfox.com/  (I used this before, it's hard to maintain. I moved to NING but left too after it was sold to another company) http://www.ning.com  (I don't recommend using this service, it's hard to export your data when it's time to move) S

Learning Vulnerability Scanning by KING.NET

Learning Vulnerability Scanning is fun and easy. So I hope you enjoy reading this short how to guide on how to use vulnerability scanning to secure your servers and networks. NMAP is the swiss tool that you need to learn if you're serious in Cyber Security profession. The NMAP tool can be use with NSE scripting (Nmap Scripting Engine) to automate your tasks. For example using NSE Script using a  single vulnerability (cold fusion)  to scan our test lab machine. root@kali:~# nmap -v -p 80  --script http-vuln-cve2010-2861  10.11.1.220 Starting Nmap 6.47 ( http://nmap.org ) at 2016-07-22 17:34 EDT NSE: Loaded 1 scripts for scanning. NSE: Script Pre-scanning. Initiating ARP Ping Scan at 17:34 Scanning 10.11.1.220 [1 port] Completed ARP Ping Scan at 17:34, 0.04s elapsed (1 total hosts) Initiating Parallel DNS resolution of 1 host. at 17:34 Completed Parallel DNS resolution of 1 host. at 17:35, 13.01s elapsed Initiating SYN Stealth Scan at 17:35 Scanning 10.11.1.220 [1 port] Comp