[THM] Magician box write-up ctf
Published
•1 min read![[THM] Magician box write-up ctf](/_next/image?url=https%3A%2F%2Fcdn.hashnode.com%2Fres%2Fhashnode%2Fimage%2Fupload%2Fv1645572779094%2FEFSpQSzBu.jpg&w=3840&q=75)
First let's enumerate the machine with an nmap scan
add the ip to the correct DNS as the box want in /etc/hosts file
as we can see is a simple site to convert .png to .jpg, to began let's find a payload related to file upload after searchs i've find this who using netcat to send the connection
after uploading with receive the connection !
and we can get the user flag will simply go to user folder
after searching trough many ways to privesc i've found that the machine has a weird port open
so lets make pivoting with chisel, after that we will simply get a shell and we will need to cat the /root/root.txt to get the root flag encoded in base64, juste decode it with cyberchef and here we go ! we are root
![[FR] [HTB] Timelapse windows write-up](/_next/image?url=https%3A%2F%2Fcdn.hashnode.com%2Fres%2Fhashnode%2Fimage%2Fupload%2Fv1651866143500%2FE_pYPNqta.jpg&w=3840&q=75)
![[FR] HTB - We have a leak | write up](/_next/image?url=https%3A%2F%2Fcdn.hashnode.com%2Fres%2Fhashnode%2Fimage%2Fupload%2Fv1648392338946%2FSN8P1JhEi.png&w=3840&q=75)
![[WALKTROUGH] [THM] IGNITE ctf](/_next/image?url=https%3A%2F%2Fcdn.hashnode.com%2Fres%2Fhashnode%2Fimage%2Fupload%2Fv1643223814946%2FUGVzy7DVx.jpeg&w=3840&q=75)