We demonstrated a simple boot2root CTF walkthrough named, Covfefe, where we performed an initial Nmap scan followed by directory discovery. We found an SSH private key accessible publicly so we used it to gain an initial SSH shell. We exploited a buffer overflow vulnerability in binary we found to elevate privielges to root.

Description

Covfefe is my Debian 9 based B2R VM, originally created as a CTF for SecTalks_BNE. It has three flags.

It is intended for beginners and requires enumeration then [spoiler]!

Highlights

Open Ports: 22,80 and 31337

Directory Enumeration can be performed using dirbuster on port 31337 to find interesting files.

First flag can be found under /robots.txt

SSH key can be downloaded by visiting /taxes/

You could then use ssh2john with rockyou.txt wordlist to extract the password.

Buffer overflow can be exploited on read_message

Get OSCP Certificate Notes

The Complete Practical Web Application Penetration Testing Course

Video Walkthrough

, , , ,
Show Comments

The MasterMinds Notes

About the Author

Mastermind Study Notes is a group of talented authors and writers who are experienced and well-versed across different fields. The group is led by, Motasem Hamdan, who is a Cybersecurity content creator and YouTuber.

View Articles