Initial Access
Our initial web server shows us that we have an FTP server with anonymous log on available.
There is only one file available. Use get to download it or more to view it FTP
We know that the user Jake has a bad password which means he may be vulnerable to brute forcing. Let’s enumerate a little further first though.
The web server only displays a single photo
The source code reveals a hint
Let’s download the image and find the secret message.
We now have holts password so let’s login over ssh
We find the user flag in Holt’s home directory now let’s try to escalate our privileges.
Holt has permission to run nano with sudo so we can view the root flag inside of the text editor
The Other Way
Earlier we thought we might be able to brute force Jakes account so let’s try it.
Now that we have his password let’s login.
Jake also had the user flag in his home directory
Jake’s privilege escalation is very similar to holts except he has permission to the less command instead of nano. This lets us view the file with root permisions.
