🐧
Jackmeister
  • Welcome
  • Misc
    • Resources
    • Cybersecurity Terms You MUST KNOW
  • PG Play
    • Amaterasu
  • Hack The Box
    • Linux
      • Bashed
      • Beep
      • Sau
      • Trick
      • Knife
      • Love
      • Spectra
      • TheNotebook
      • Previse
      • Ophiuchi
      • Shocker
      • Bank
      • Keeper
      • Help
      • Cronos
      • Lame
    • Active Directory
      • Active
      • Forest
      • Timelapse
      • Sauna
    • HTB Register Form
  • TryHackMe
    • Red
    • Year of the Jellyfish
    • S1mple0nly b2r
    • Hermoso
    • This is so easy
    • Altair Network
    • road.thm
  • Platforms
    • Websites and Platforms
  • Tools
    • Hacking Tools
  • B2R template
Powered by GitBook
On this page
  1. TryHackMe

Altair Network

Altair Network is a vulnerable linux machine created inspired by the anime RE : CREATORS.

PreviousThis is so easyNextroad.thm

Last updated 2 years ago

Greetings, fellow beings of the universe. I hope this transmission finds you in good spirits. Today, I stumbled upon an intriguing and highly vulnerable box recently unleashed on TryHackMe. And lo and behold, the mastermind behind this new conquest is none other than the humble Soya, whose latest creation, the "Altair Network," promises to be a playground for the most daring and resourceful among us. I take this moment to offer my deepest appreciation and admiration to my friend Soya for this awe-inspiring and awe-inducing endeavor. I am confident that the Altair Network will be the ultimate test of our skills, pushing us to new heights in the ever-evolving world of cybersecurity. Hats off to you, Soya, for your unwavering dedication and effort in providing this invaluable and edifying resource to our community.

Wednesday, 15 February, 2023 4:14 PM

Port 22 : SSH Port 80 : HTTP Port 222 : FTP

It is noticed that FTP is kind of unstable , keep pressing enter to keep it from being timeout

The picture poster reminded me of the anime i watched before . Re creators

Using the newly obtained credentials , FTP and SSH have no luck

Back to port 80

No luck on gobuster

Forexbuster we go

Aha , new domain name

Add it into /etc/hosts to access it locally

By first glance , it is definitely wordpress given the layout

Opening the image in new tab further confirms that it is wordpress

Knowing its wordpress , normally login page will be located at /wp-admin or /wp-login Using the provided credentials ealier , it is successfully logged in

Traditional theme editor will not work because apparently this is the lastest wordpress version and it is also using the lastest theme which is "twenty twenty two"

Notice that there is a wp file manager that allow user to upload file , upload my php reverse shell and gain a remote code execution

Run the file through browser or curl (path is located at bottom of file manager)

Get a interactive shell using python

Found one executable shell script located in /opt which is a common directory

Echo your reverse shell bash into the file and wait for it to be executed on another listener

Listing what can we run as root found that neofetch can be run as root

Hello again , I have the utmost respect and awe for the brilliant mind of the creator behind the moniker k1r0GreyH4t, who is none other than the illustrious Soya! Your latest challenge has been an exhilarating journey that has left me spellbound and itching to take on the next one. The rush I experience while cracking your mind-bending puzzles is simply beyond words, and I eagerly anticipate the next adrenaline-fueled ride. Hats off to you, k1r0GreyH4t, for your ingenious creations that keep us all on the edge of our seats!

Check out his linkedin
nmap -Pn -sC -sV : Discovered Ports
Logoneofetch | GTFOBins
LogoTools/python-interactive-shell.sh at main · J4CKMEISTER/ToolsGitHub