Can you find your way into the Valley?

An online platform for learning and teaching cyber security, all through your browser.

米VMwareは5月13日（現地時間）、仮想化PCソフト「VMware Workstation Pro」の個人利用を無償化すると発表した。Mac向けの「VMware Fusion Pro」も同じ扱いとなる。

: Bill would let US President commission white hat hackers to go after foreign threats, seize assets on the online seas

Anonforce — TryHackMe Walkthrough | Complete Guide to Boot2Root Introduction In this walkthrough, I’ll explore Anonforce , a Boot2Root machine on TryHackMe from the Bsides Guatemala CTF . It’s perfect for beginners looking to practice key skills like service enumeration, exploiting anonymous FTP, cracking GPG keys, and privilege escalation. Initial Enumeration My journey into the Anonforce TryHackMe boot2root challenge started with a thorough nmap scan to enumerate open ports and services on the target machine. nmap -sC -sV <Ip> The scan revealed two interesting open services: FTP (Port 21) running vsftpd 3.0.3, which allowed anonymous login . SSH (Port 22) running OpenSSH 7.2. Here’s the relevant part of the scan output: 21/tcp open ftp vsftpd 3.0.3 | ftp-anon: Anonymous FTP login allowed 22/tcp open ssh OpenSSH 7.2p2 Ubuntu 4ubuntu2.8 Given the anonymous FTP login was enabled, I decided to investigate it further. FTP Login and File Enumeration Connecting to the FTP service was straightforward. I logged in using default anonymous credentials: ftp 10.201.18.12 Credentials: anonymous:anonymous After logging in successfully, I explored the remote file system. The root FTP directory contained several folders, and I noticed a directory named home. Digging deeper, I navigated into: ftp> cd home ftp> ls drwxr-xr-x 4 1000 1000 4096 Aug 11 2019 melodias Capturing the U ser flag Inside the melodias directory, there was an interesting file named user.txt. I downloaded the file to capture the first flag: ftp> get user.txt Once retrieved, I displayed the content of the file: cat user.txt And here was the user flag: 606083fd33beb1284fc51f411a706af8 Discovering and Cracking the GPG Key While continuing my FTP exploration, I stumbled upon an interesting directory named notread that contained two suspicious files: backup.pgp (an encrypted backup file) private.asc (a private GPG key) Naturally, I downloaded both files for offline analysis: ftp> get backup.pgp ftp> get private.asc Converting Private Key for Cracking My goal was to extract the passphrase protecting the private key. To do this, I used gpg2john, a tool designed to convert GPG private key files into a format suitable for John the Ripper: gpg2john private.asc > privatex Once converted, I ran John the Ripper to crack the passphrase: john privatex --show And success! The passphrase was revealed as: xbox360 Decrypting the Backup File Armed with the passphrase, I imported the private key into my GPG keyring: gpg --import private.asc Then I decrypted the backup file using the discovered password: gpg --decrypt backup.pgp The decrypted content revealed a critical piece of information — a list of system users with hashed passwords, including the root hash: root:$6$07nYFaYf$F4VMaegmz7dKjsTukBLh6cP01iMmL7CiQDt1ycIm6a.bsOIBp0DwXVb9XI2EtULXJzBtaMZMNd2tV4uob5RVM0:18120:0:99999:7::: daemon:*:17953:0:99999:7::: bin:*:17953:0:99999:7::: This was a major breakthrough. I now had the root hash . Cracking the Root Hash After extracting the root hash from the decrypted backup.pgp file, the next logical step was to crack it. I used John the Ripper with the popular rockyou.txt wordlist: john hash -w=/usr/share/wordlists/rockyou.txt Within seconds, John successfully cracked the root password: hikari (root) This gave me the credentials I needed to gain full root access on the machine. Capturing the Root Flag With the cracked password in hand, I initiated an SSH session as the root user: ssh [email protected] When prompted, I entered the password hikari, and I was instantly logged in as  root . From here, I navigated to the /root directory and captured the final root flag: cat /root/root.txt The flag was revealed as: f706456440c7af4187810c31c6cebdce Conclusion Anonforce was an exciting Boot2Root challenge that tested my skills in enumeration, cryptography, and privilege escalation. I started with anonymous FTP login, found and cracked a GPG private key, decrypted a backup to extract password hashes, and finally cracked the root password to capture the root flag. This room is especially good for beginners preparing for certifications like CompTIA Security+ and CEH (Certified Ethical Hacker) , as it covers important practical concepts such as service enumeration, password cracking, and privilege escalation. Anonforce — TryHackMe Walkthrough | Complete Guide to Boot2Root was originally published in InfoSec Write-ups on Medium, where people are continuing the conversation by highlighting and responding to this story.

BTRisk’in BTRSys1 boot2root makinesinde adım adım CTF çözümü: ağ keşfi, SQL Injection ile giriş, dosya yükleme zafiyeti, reverse shell ve root yetkisi alma süreçleri.

This is a machine that allows you to practise web app hacking and privilege escalation

An Easy Boot2Root box for beginners

Origin