With today’s post I am experimenting with a new way of writing my hacking blog posts based on the 5 phases of red teams assessments.

This is another machine in the Hackfest 2016 series.

There are 4 flags on this machine One for a shell One for root access Two for doing post exploitation on Sedna

Alrighty, let’s hack the planet!

I’ve recently taken the Social Engineering Expert from RedTeam Security. If you don’t know about them, check out their articles and videos about their engagements, they’re doing some really cool stuff. In this post I will share my impressions about the course.

The challenge:

You are looking for two flags. Using discovered pointers in various elements of the running web application you can deduce the first flag (a downloadable file) which is required to find the second flag (a text file). Look, read and maybe even listen. You will need to use basic web application recon skills as well as some forensics to find both flags.

This machine is based on Star Wars. The goal is “to Beat the Empire and steal the plans for the Death Star before its too late.”. For this to happen, 6 flags encoded in base64 need to be collected.

I AM THE EMPIRE!

For this box, you have to find 8 flags, each containing an MD5 hash.

Today’s target is called Teuchter, and yes, apparently that’s a word. There is a theme for this machine, and this why this blog post is also..different. ye will need to hang tight to yer sanity for this one. Or drink some Irn-Bru. Ah had to look at other walkthroughs when Ah got stuck and some time was spent checking Scottish references, but it was all worth it!

So, what’s a Teuchter? The Wiktionary definition is:

(derogatory) A Highlander especially if Gaelic-speaking; a rural Scot in general; (in Glasgow and surrounding areas) a Scot with a thick accent from outside west-central Scotland.

Some hints from the author:

This VM is designed to be a bit of a joke/troll so a translator might be useful.

The challenge isn’t over with root. I’ve done my usual flag shenanigans.

A bit of info security research and knowing yer target helps here.

http://www.jackiestewart.co.uk/jokes/weegie%20windies%202000.htm

And this one:

Less hochmagandy and more studying is needed for this one!

Ah am sure ye have questions, so:

hochmagandy – Scottish a mainly jocular or literary word for sexual intercourse

Isn’t this a promising start..

The VM description states that IMF is a intelligence agency that you must hack to get all flags and ultimately root. The flags start off easy and get harder as you progress. Each flag contains a hint to the next flag.

The difficulty is Beginner/Moderate

Today’s target was created for the Hackfest 2016 CTF. The goal is to become root and get a flag on the machine.

Today’s boot2root is called PwnLab: init and the goal is to read the flag in /root/flag.txt