Hello Dear Colleagues.
I have exhausted myself trying to figure our second flag… have ssh connected on C2-1 and C2-2 (prove: when i curl 127.0.0.1:8888 it responses with(<p>HELLOW WORDL</p>), and started a http.server listen on my machine, but when I try to ping from either C2 hosts, it says can’t reach…
Could you guys help me with it? what else should be done after reaching C2-2 to have the flag
Hey there - I’ve shared a bit of the instructor’s solution guide below.
The second endpoint (router) 192.168.100.254 has a single port 8000, which shows up as OpenSSH when nmap’s service and version scanning scripts are used. When attempting to login, it’s evident that its C2-2’s ssh port.
Next, you will need to issue a command that can “connect” the two services together - ie brokering access between the C2-2 host (listening on 127.0.0.1:8888) and an automated service on the compromised host that makes HTTP calls on 127.0.0.1:8888.
Thanks for help. It was quite a challenge for me… I was able to solve it at last but need to deepen my knowledge in this field.
2 Likes
Glad to hear it! I agree that this one is quite hard, relative to the Learn material and other Challenges. Well done on pushing through it.