Skip to content

Latest commit

 

History

History
 
 

DevOps_User

Folders and files

NameName
Last commit message
Last commit date

parent directory

..
README.md
README.md
 
 
nmap.txt
nmap.txt
 
 

README.md

DevOps User

Category

Box

Description

Can you find the user.txt flag on the box ?

URL : http://box.heroctf.fr (only dockers are on the scope, not the real machine behind)

The machine resets itself every hour, so keep track of your work !

Format : Hero{flag}
Author : xanhacks

Hints

  • There are a some steps and a lot of information to consider before validating this machine, but the overall level remains easy.
  • You get a password ? Check other services !

Files

Write up

A very good write up can be found here : https://podalirius.net/writeups/heroctf-2021-devops-box-writeup/.

Nmap

port 2222 : ssh port 3000 : gitea port 8080 : jenkins

Search for passwords (2 ways) :

  • git/ecommerce : Crack the private key and get "heroes" as passphrase
  • git/infra : The password "heroes" was also in the gitea Dockerfile : RUN echo "git:heroes" | chpasswd.

Log in into Jenkins admin dashboard with admin:heroes, you can now execute command on the Jenkins docker by going to the configuration panel of jenkins and executing Groovy script.

println "whoami".execute().text

Then, you can make a reverse shell with python for example.

@jenkins $ cat user.txt
Hero{dc97a2f7da5304d12fe820bd2a6d343d}

User flag gg !

Flag

Hero{dc97a2f7da5304d12fe820bd2a6d343d}