Proving Grounds Practice —Slort

Hello, today I’ll talk about the solution of Proving grounds Practice — Slort.

First, we run an Nmap scan.

I did a directory scan with Gobuster and discovered the /site directory that might work.

Then I checked if I could pull the test.txt file by running a python server.

Yes, we can shoot. We can use this way to get shell.

I created a php shell using msfvenom. Then I uploaded this file with python server.

And I got shelly with user rupert. I can now read local.txt.

I discovered the backup directory. Here in the info.txt file there is information that TFTP.EXE will be run every five minutes. I can get an authorized shell by importing my own TFTP.EXE.

I’m renaming the old file. I’m creating a shell with the same name as msfvenom. And I upload the new file using certutil.

When I listened to port 443 with netcat for a while, I obtained the authorized shell.

Yes, we now have administrator. We can get our proof.txt file.

We find our flag and complete the challenge. Keep hacking !

Practice makes perfect :)