picoCTF 2024: dont-you-love-banners

Introduction: In the exhilarating world of cybersecurity challenges, every enigma presents an opportunity for exploration and enlightenment. Today, we embark on a thrilling adventure — a journey of exploiting a server’s banner to uncover a hidden flag. Join us as we traverse the intricate labyrinth of securing access, cracking passwords, and ultimately emerging triumphant.

Exploring the Challenge: Our quest commences with a tantalizing clue — a server leaking crucial information. Armed with resolve and a sharp intellect, we connect to the server hosted at tethys.picoctf.net on port 62412. However, our initial attempts to communicate with the server are met with a protocol mismatch, signaling that the challenge is anything but ordinary.

$ nc tethys.picoctf.net 62412
SSH-2.0-OpenSSH_7.6p1 My_Passw@rd_@1234
ls
Protocol mismatch.

Answering the Call: Undeterred by the setback, we press onward, answering the server’s security questions with unwavering confidence. Yet, our endeavors are met with resistance once more, as the server remains elusive. But in adversity lies opportunity, and we uncover a secondary port, 50213, hinting at an alternate path forward.

$ nc tethys.picoctf.net 50213
*************************************
**************WELCOME****************
*************************************

What is the password?

Cracking the Cipher: A glimmer of hope emerges as we connect to the new port and are greeted with a prompt for a password. Armed with leaked information, we answer the security questions and provide the password My_Passw@rd_@1234, granting us access to the server's inner sanctum.

What is the top cyber security conference in the world? 
DefCon
the first hacker ever was known for phreaking(making free phone calls), who was it? 
Joe Engressia

The Forbidden Fruit: With access secured, we embark on an expedition of the server’s filesystem. Our odyssey leads us to the coveted /root directory, where the flag lies tantalizingly out of reach. Despite our best efforts, a permission denied error halts our progress, leaving us at a crossroads.

$ cd /root
$ ls -l
total 8
-rwx------ 1 root root   46 Mar 12 00:18 flag.txt
$ cat flag.txt
cat: flag.txt: Permission denied

Unlocking the Vault: Undeterred by obstacles, we turn our gaze to /etc/shadow, where hashed passwords hold the keys to the kingdom. Employing the formidable prowess of hashcat, we crack the code and uncover the password for the revered root account—iloveyou.

$ hashcat -m 1800 --show hash.txt
$6$6QFbdp2H$R0BGBJtG0DlGFx9H0AjuQNOhlcssBxApM.CjDEiNzfYkVeJRNy2d98SDURNebD5/l4Hu2yyVk.ePLNEg/56DV0:iloveyou

Seizing Victory: Empowered by our newfound knowledge, we ascend to the ranks of root, securing unrestricted access to the server. Within the confines of the /root directory, the flag awaits, a testament to our perseverance and ingenuity.

$ su
Password: iloveyou
# cat /root/flag.txt
picoCTF{b4nn3r_gr4bb1n9_su((3sfu11y_f7608541}

Conclusion: In the realm of cybersecurity challenges, every obstacle presents an opportunity for growth and discovery. Through our journey of exploiting a server banner, we’ve unearthed invaluable insights into the art of penetration testing and vulnerability exploitation. As we revel in the glory of victory, let us carry forth the lessons learned and embrace the challenges that lie ahead.

Join the Adventure: Are you ready to embark on your own cybersecurity odyssey? Join us on platforms like PicoCTF2024, where every challenge is an opportunity to sharpen your skills and uncover the mysteries of the digital realm. Together, we’ll conquer the unknown and emerge victorious, one flag at a time.

Stay Tuned: Stay tuned for more thrilling adventures in the world of cybersecurity challenges. From exploiting server banners to cracking cryptic codes, the journey is boundless, and the rewards are endless. Until next time, stay curious, stay vigilant, and never cease in the pursuit of knowledge.