Hackershala hackathon writeup

Hi today I am gonna do writeup of hackershala hackathon 2020 so lets start

we got two challenges to solve so first is the web challenge and in second challenge we had to do privilege escalation to get the flag and both challenges were related to each others so we had to solve web challenge first.



We got a URL and after opening the URL I got the apache default page.


so  I did directory search  and I got one valid directory `http://148.251.106.XXX:12905/adminmaster`


and adminmaster has nothing more than a static web page and when I saw the source code of that website I got the password but the password was encrypted to protect it from hackers but still I hacked it  😉


so now I had an encrypted password and I had to decrypt it so I tried different methods to decrypt it but I failed and then I through that maybe this is cipher encryption so I tried to decrypt it from cipher and luckily I was able to decrypt it as it was using ROT47 encryption and I got the password `h4cK3rsh414`


Hi webmaster, I am giving you the password, but don't forget it again. I have encoded it just to ensure safety from those cunning hackers out there! "9c4zbCD9c`c"

and after reading this line I was able to guess the username : webmaster and I got the password : h4cK3rsh414.

FLAG : h4cK3rsh414



So for this challenge we got a terminal where we had to do our task so I run command netdiscover to find the IP addresses on my network and I found two IP address first IP was of my network and another one was the target IP and then I did port scanning for that IP and only one port was open.


Now port 22 is open for so I logged in into ssh using username : webmaster and password : h4cK3rsh414. After logged in through ssh I found a file (magicfile.txt) that contain some encrypted strings.


and then I tried to decode it using base64 from end to start but no luck 🙁

so now its time to do privilege escalation so I ran `sudo -l` to get the sudoers permission for current users and I found this

the above image means that we can run `sudo /home/webmaster/shell` without password so I ran this command and got the root shell.

Now its time to go in /root directory and in this directory I found python file named as decryptor.py and after reading the code of that file I got to know that this script takes string as an input and then decode that string from rot13 first and then again decode it from base64 so I ran that script with strings in magicfile.txt as an input and I got this message.




and here both the challenges were solved successfully.


Thanks for reading


Instagram : https://instagram.com/theamanrawat

Twitter : https://twitter.com/theamanrawat


Leave a Comment

Your email address will not be published.