Looking Glass

February 10, 2024

First we need to see the open ports in the machine

Once i tried connecting to the ssh ports i get this message

ssh -oHostKeyAlgorithms=+ssh-rsa -o "StrictHostKeyChecking=no" 10.10.7.125 -p 9001

Then i tried accessing the lowest port which is 13783

It says higher which is the opposite of lower

After several attempt on trying the numbers in between

I guessed the correct port and it returns this

ssh -oHostKeyAlgorithms=+ssh-rsa -o "StrictHostKeyChecking=no" 10.10.70.119 -p 11870

Then after looking up into the google this looks like a vigenere cipher

Thus, I will be using this decoder online to decipher. Here's the link

And i get the result

Caaxlpozvgh
'Twas brillig, and the slithy toves
Did gyre and gimble in the wabe;
All mimsy were the borogoves,
And the mome raths outgrabe.

'Beware the Jabberwock, my son!
The jaws that bite, the claws that catch!
Beware the Jubjub bird, and shun
The frumious Bandersnatch!'

He took his vorpal sword in hand:
Long time the manxome foe he sought--
So rested he by the Tumtum tree,
And stood awhile in thought.

And as in uffish thought he stood,
The Jabberwock, with eyes of flame,
Came whiffling through the tulgey wood,
And burbled as it came!

One, two! One, two! And through and through
The vorpal blade went snicker-snack!
He left it dead, and with its head
He went galumphing back.

'And hast thou slain the Jabberwock?
Come to my arms, my beamish boy!
O frabjous day! Callooh! Callay!'
He chortled in his joy.

'Twas brillig, and the slithy toves
Did gyre and gimble in the wabe;
All mimsy were the borogoves,
And the mome raths outgrabe.
Your secret is bewareTheJabberwock

The secret is bewareTheJabberwock

After i put the secret into the ssh

It returns this

jabberwock:UnpleasantEncourageFrenchUnfinished

Then after that we will run linpeas in the machine

We see some interesting file that is being run by tweedledum user

Then we will put a reverse shell to it so that we can get the tweedledum user

As we can see we can execute the reboot with sudo

After we reboot the machine we see that we got the reverse shell from user tweedledum

Then we cat the txt file in the home directory of that user

dcfff5eb40423f055a4cd0a8d7ed39ff6cb9816868f5766b4088b9e9906961b9
7692c3ad3540bb803c020b3aee66cd8887123234ea0c6e7143c0add73ff431ed
28391d3bc64ec15cbb090426b04aa6b7649c3cc85f11230bb0105e02d15e3624
b808e156d18d1cecdcc1456375f8cae994c36549a07c8c2315b473dd9d7f404f
fa51fd49abf67705d6a35d18218c115ff5633aec1f9ebfdc9d5d4956416f57f6
b9776d7ddf459c9ad5b0e1d6ac61e27befb5e99fd62446677600d7cacef544d0
5e884898da28047151d0e56f8dc6292773603d0d6aabbdd62a11ef721d1542d8
7468652070617373776f7264206973207a797877767574737271706f6e6d6c6b