Proving Grounds Practice —Slort
Hello, today I’ll talk about the solution of Proving grounds Practice — Slort.
First, we run an Nmap scan.
I did a directory scan with Gobuster and discovered the /site directory that might work.
Then I checked if I could pull the test.txt file by running a python server.
Yes, we can shoot. We can use this way to get shell.
I created a php shell using msfvenom. Then I uploaded this file with python server.
And I got shelly with user rupert. I can now read local.txt.
I discovered the backup directory. Here in the info.txt file there is information that TFTP.EXE will be run every five minutes. I can get an authorized shell by importing my own TFTP.EXE.
I’m renaming the old file. I’m creating a shell with the same name as msfvenom. And I upload the new file using certutil.
When I listened to port 443 with netcat for a while, I obtained the authorized shell.
Yes, we now have administrator. We can get our proof.txt file.
We find our flag and complete the challenge. Keep hacking !
Practice makes perfect :)