THM: Startup

THM: Startup is an easy Linux box that’s good for practicing enumeration. We will be pentesting the systems of Spice Hut, a spicy new food startup company. It starts off with a misconfigured FTP service that allows anonymous read access as well as write access in a specific directory. We will abuse this to upload some PHP shell code that we can execute through the HTTP service to get our initial foothold. Once on the box, a bit of enumeration reveals a PCAP file labeled as a suspicious incident. After combing through this file we’ll find the password for an unprivileged user. From there, privesc is a straightforward manipulation of a shell script being executed by root on a cronjob.

THM: h4cked

h4cked is a different kind of challenge than the CTFs I normally write about. Quite the opposite actually. We’re given the solution up front and are tasked with reverse engineering a hack by analyzing the traffic recorded in a PCAP file, otherwise known as a packet capture. (It’s an extremely detailed log of all inbound and outbound network traffic over a period of time.) After that we’ll use the findings to replicate the hack and root the box. We’ll use Wireshark to conduct our analysis. Let’s get started!