$$
\text {An iCSI CTF (RED19)}
$$
Setup:
- The VM needed for this challenge can be downloaded here.
- You’ll need Kali Linux as well.
- We’ll also use a Ubuntu machine you control for demonstration purposes.
- The final flag for this machine will be found in the same directory as action.php. (It has a long, complex file name)
First Steps:
-
You will not have the login credentials to the machine.
-
Before you power it on, go to the machine settings and give the network adapter a custom MAC address.
- This way you will be able to locate it with the arp-scan utility within Kali.
- Don’t use the MAC address I have below. Everyone in the class needs something different.
- Manually randomize the MAC Address you give your machine!
Once you have started the CTF machine, launch a root shell in Kali and do the following:
- use the
*arp-scan* utility to scan the entire subnet and report back on MAC addresses that are present.
- Your Kali Linux machine must be on the same subnet as the CTF machine.
- Use
grep to filter for the MAC address that you gave the CTF Machine.
- NOTE: I only grep for the OUI of the MAC address. You should grep for the entire MAC Address!
- Use all 6 Hex characters in your grep
Start with an Nmap:
We see that this PHP server is running on port 8000 and we also see a convenient title of ‘PHP LFI!’
Open up the webpage and test for LFI to see if we can read the /etc/passwd file.
