TryHackMe | Overpass

Welcome to Overpass, a box from THM!

Let’s start with an nmap scan:

Both ports 22 and 80 are open and worth looking into. We can see that we have a golang server and also OpenSSH, which we might be able to use to authenticate and gain access.

Let’s take a first look at the web address, in this case http://10.10.83.254

We have the following site:

The site is a password protection solution that we are going to try and break into. It has some tabs that we can explore.

We have some staff here:

Ninja’s account could possibly be the root account, or Szymex’s. It might be easier to authenticate as Bee, for example, to gain at least some low-level privileges.

If we download the source code in the Downloads tab, we can find the following:

The source code provides a direct link to how they created their encryption: it is a substitution cipher. From checking out the website, we can see that the cipher, ROT47, is actually an invertible algorithm, meaning we can pass an encrypted password back through the encryption and get the original password back.
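An added example (not the Overpass source code and not part of the original writeup) showing why ROT47 gives stored passwords no confidentiality: the transform has no key and is its own inverse. The function names and the sample secret are constructed for illustration.

```python
# Added example: ROT47 is an unkeyed substitution over printable ASCII.
# All sample values below are constructed, not taken from the Overpass box.

PRINTABLE_LO, PRINTABLE_HI = 33, 126  # '!' .. '~', 94 characters in total


def rot47(text: str) -> str:
    """Rotate each character in '!'..'~' by 47 places, wrapping within the range.

    Characters outside the range (spaces, newlines, non-ASCII) pass through.
    """
    out = []
    for ch in text:
        code = ord(ch)
        if PRINTABLE_LO <= code <= PRINTABLE_HI:
            code = PRINTABLE_LO + (code - PRINTABLE_LO + 47) % 94
        out.append(chr(code))
    return "".join(out)


def is_involution(sample: str) -> bool:
    """47 is half of 94, so applying ROT47 twice restores the input."""
    return rot47(rot47(sample)) == sample


def audit_stored_secret(stored: str, known_plaintext: str) -> dict:
    """Defender's view of what ROT47-at-rest fails to protect."""
    return {
        # Anyone who can read the stored value recovers the secret with no key.
        "recovered_without_key": rot47(stored) == known_plaintext,
        # The length of the secret is visible in the stored form.
        "length_leaked": len(stored) == len(known_plaintext),
        # The same secret always produces the same stored value (no salt or IV).
        "deterministic": rot47(known_plaintext) == stored,
    }


CONSTRUCTED_SECRET = "Tr0ub4dor&3 example"  # constructed sample password
STORED = rot47(CONSTRUCTED_SECRET)          # what would sit on disk

if __name__ == "__main__":
    print("stored form:", STORED)
    print("audit:", audit_stored_secret(STORED, CONSTRUCTED_SECRET))
```

Read access to the stored file is therefore equivalent to read access to every password in it, which is the property the rest of this walkthrough relies on.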

Ok, so we have a taste of some information. We can also try to run dirbuster against the URL, searching for php and txt files.

Dirbuster didn’t really find much information. It did find a login.css file, though, which is likely the stylesheet for a login page. According to this writeup, they used dirsearch in order to find an admin page. If one tool does not work, try another!

dirsearch -u http://10.10.144.82 -w /usr/share/wordlists/dirbuster/directory-list-2.3-small.txt

If we inspect the website, we can find the following text: