Newrouge CTF

Secret Machine(10.10.11.120) Info: This machine had pretty sweet learning curve for new comers, exploiting command injection to get foothold and core-dump abuse to get root on machine. Recon: Starting with portscan, we get 3 open ports. PORT STATE SERVICE REASON VERSION 22/tcp open ssh syn-ack OpenSSH 8.2p1 Ubuntu 4ubuntu0.3 (Ubuntu Linux; protocol 2.0) 80/tcp open http syn-ack nginx 1.18.0 (Ubuntu) | http-methods: |_ Supported Methods: GET HEAD POST OPTIONS |_http-server-header: nginx/1.18.0 (Ubuntu) |_http-title: DUMB Docs 3000/tcp open http syn-ack Node.js (Express middleware) | http-methods: |_ Supported Methods: GET HEAD POST OPTIONS |_http-title: DUMB Docs Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel on port 3000 node js application is running and port 80 has docs for same application. And there is source-code avialable for downlaod. Docs shows how using API we can register new user and login it will then give JWT token for that u...

Stacked Machine(10.10.11.112) Info: This machine was quite special to me for few reasons. For starting my first insane machine solve. As i started this machine one day after retiring I tried not to look into solution and give it my raw try first but time to time i looked into 0xdf blog's whenever stuck, beacuse whynot It-is-Okay-to-Use-Writeups , but main reason i think is mindset seeing insane machine it's like i am not ready for it yet so it must be something very next level thing so i have to take help but that was not the case & i will work on it in future. HTB's rating could be deceptive as there was nothing that i didn't knew already. Now this machine was quite realistic as XSS is most common bug you will find on real targets and a CVE to exploit. All it needed was good enumeration skills and little patience to solve this. As Sonar's blog never handover complete exploit because what's the point in being script-kiddie we will try to unde...