Skip to main content

CTF – Hacking Necromancer

Capture The Flag - Necromancer. Practicing my penetration testing skills to hack a target machine.  Here's my test environment in my own private virtual network.
I setup my Kali Linux in host virtual network and my target machine (Necromancer) which I downloaded a OVA image from VulnHub website.
When I started my Kali Linux virtual machine, I have an assigned IP Address 192.168.231.129. This most likely a different IP address when you setup your own private network. And my target machine Necromancer IP address is 192.168.231.128. I saw this when I started the Necromancer virtual machine. This save me some time to scan all /24 within my network.
Anyway, if you still want to scan your network you can use "netdiscover" tool. If you're not sure what options to use simply run "netdiscover --help". Okay, got it? Now run # netdiscover -r 192.168.231.0/24 [Enter] to scan your private network. Here's the result of my network. I run "ifconfig" in my Kali to know the assigned IP address, then the other IP most likely for my target network.
192.168.231.1 00:50:56:c0:00:01 1 60 VMware, Inc.
192.168.231.128 00:0c:29:a5:8c:67 1 60 VMware, Inc.
192.168.231.129 00:50:56:f0:0a:96 1 60 VMware, Inc.
With this information I can simply run nmap to my target IP address.
que-com-ctp-necromancer
Note: IP Address renewal in 900 seconds.
Now my private network, Kali and target machine are ready. Let's begin hacking my target machine.
From Kali Linux virtual machine run # nmap 192.168.231.29 to see what I can discover.
que-com-ctp-necromancer-nmap
I found port 80 open and 1 host up. That's a good start. Let's run # nmap -sU -n -r -T4 192.168.231.128
que-com-ctp-necromancer-nmap-doom
Now it's getting interesting. I found UDP port 666 a service for doom.
Let's fire up netcat using the newly discovered UDP port 666 # nc 192.168.231.128 666 [Enter].
que-com-ctp-necromancer-netcat
Hmm. Nothing happen. I wonder what's going on in the background. One way to find out, let's run our network snipping tool wireshark. I filter the result using my target machine IP Address 192.168.231.128 and found out it is trying to connect to the destination port 4444.
que-com-ctp-necromancer-wireshark
I open another terminal window, and setup to listen using port 4444 # nc -lvp 4444 [Enter]. And re-run # nc -u 192.168.231.128 666 [Enter], then wait to see the output in listening terminal window.
This is the result.
que-com-ctp-necromancer-netcat-captureddata
My first guess, it is a base64 code. I copied the code to my dumptext.txt file. And run #base64 -d -i dumptext.txt [Enter]
Woohh. I got the first flag.
que-com-ctp-necromancer-flag1
I copied  flag1{e6078b9b1aac915d11b9fd59791030bf}  to my flags.txt file for recording purpose, just like a trophy :)
Thank you.

Comments

Popular posts from this blog

Office365 - This resource doesn't accept meetings longer than 1440 minutes

When you create a meeting schedule for number of days , you will see an error  "This resource doesn't accept meetings longer than 1440 minutes". By default the mailbox or room was set for a maximum limit of 1440 minutes. Here's how you can disable this limit. Login to the Office 365 Administration Console In Microsoft Office 365 Exchange, click on Manage . In Manage My Orgnization , click the drop down arrow, and click on Select on Another User . This will prompt you to select the mailbox or room to manage. Select a Mailbox or Room , click OK . In Option, click on Settings. In Scheduling Options, un-check the "Limit meeting duration", then click on Save. That's all. You can now schedule a meeting or reserve a room for number of days. Hope this help you. If this helped you, please take the time to share this post by sharing using Google+, Facebook, Twitter, or LinkedIn

Out of Office Reply for Termed Employee

This is a sample Out of Office message that I used for termed employees, unless HR staff specified a different message. === Example for KING.NET Employee === John Doe (employee or consultant)  is no longer with KING.NET effective  June 1, 2013  (termination date). For matters relating to " Project Name here " please direct your concerns to  John Smith at  johnsmith@king.net (Manager or Supervisor) . For all other matters, please direct your email to Mary Smith HR at marysmith@king.net. Please call our main office 703-345-6789 if you have other concerns. Thank you. === End of message === I posted this article year 2008 from my old blog. http://whaddya.blogspot.com/2008/11/example-of-out-of-office-reply-for.html If this helped you, please take the time to share this post by sharing using Google+, Facebook, Twitter, or LinkedIn

VMware ESXi to add storage

Have you tried to add storage in your VMware environment after the initial setup and configuration? In my case, I needed to add storage for more space to copy virtual machine files. This is also the same approach to access a USB drive to import a vmx and vmdk files (virtual machine and data storage). For this article, I will provide a step by step procedure on how to add your USB drive from one of your Windows Server (or workstation). Let's use a Windows Server 2003 for reading your USB drive. By default, the NFS service is not enable. So, you have to add this service first. Go to Start , Control Panel , Add or Remove Programs , Add/Remove Windows Components , Other Network and Print Services , and select all for Microsoft Services for NFS . You asked, Why enable NFS Service? The VMware is based using Linux, so you need to enable NFS service to share your network drive or folder. Share a USB drive or folder. Open your Windows Explorer and browse your USB drive. In your