The real fun started today with a Capture the Flag (CTF) challenge: analyzing a .pcap file and hacking my way back into a compromised machine.


The challenge began by loading a .pcap file into Wireshark. I started by browsing through the packets and quickly noticed a flood of SYN flags, a clear sign of network scanning activity. Then, I came across the banner:

220 Hello FTP world!

That immediately hinted at an open FTP service. Tools like nmap -sV or netcat could have triggered that banner. From there, it was obvious someone was attempting a brute-force attack using the username jenny.

Following the TCP stream, I eventually saw a successful login. Then, I observed a few command-line interactions where the attacker uploaded a file named shell.php, which was used to establish a reverse shell.
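The pattern read from the capture above (repeated failed logins for one user, then a success, then a script upload) can also be checked mechanically. This is an added example, not part of the original write-up; the `analyze` function, its threshold, and the sample control-channel lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: FTP control-channel lines as (tcp_stream, text) pairs,
# as they appear when following each TCP stream. Passwords are placeholders.
SAMPLE = []
for s in range(1, 5):  # four failed attempts, one TCP stream each
    SAMPLE += [(s, "220 Hello FTP world!"), (s, "USER jenny"),
               (s, "331 Please specify the password."),
               (s, "PASS <placeholder>"), (s, "530 Login incorrect.")]
SAMPLE += [(5, "220 Hello FTP world!"), (5, "USER jenny"),
           (5, "331 Please specify the password."), (5, "PASS <placeholder>"),
           (5, "230 Login successful."), (5, "STOR shell.php"),
           (5, "226 Transfer complete.")]

# Extensions a web server might execute; an assumed list, adjust per environment.
SCRIPT_UPLOAD = re.compile(r"(?i)STOR\s+(\S+\.(?:php|phtml|jsp|aspx))$")

def analyze(lines, fail_threshold=3):
    """Flag a login that follows many failures, and script uploads after login."""
    failures = defaultdict(int)  # username -> failed logins seen so far
    user_of = {}                 # stream -> name from its last USER command
    authed = set()               # streams that received a 230 reply
    findings = []
    for stream, text in lines:
        user = re.match(r"(?i)USER\s+(\S+)", text)
        if user:
            user_of[stream] = user.group(1)
        elif text.startswith("530"):   # RFC 959: not logged in
            failures[user_of.get(stream, "?")] += 1
        elif text.startswith("230"):   # RFC 959: user logged in
            name = user_of.get(stream, "?")
            authed.add(stream)
            if failures[name] >= fail_threshold:
                findings.append(("bruteforce_success", name, failures[name]))
        else:
            upload = SCRIPT_UPLOAD.match(text)
            if upload and stream in authed:
                findings.append(("script_upload", user_of.get(stream, "?"),
                                 upload.group(1)))
    return findings

if __name__ == "__main__":
    for finding in analyze(SAMPLE):
        print(finding)
```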

The coolest part came next: using Hydra to brute-force my way back into Jenny’s FTP account with the command:

hydra -l jenny -P /usr/share/wordlists/rockyou.txt ftp://10.10.60.59

Once in, I downloaded the shell.php file, edited it to point to my own IP and port, and used it to create a reverse shell back to me.

To upgrade my shell, I used:

python3 -c 'import pty; pty.spawn("/bin/bash")'

Then it was just a matter of escalating privileges. I ran sudo su, navigated to the appropriate directory, and used cat flag.txt.

This challenge was insanely fun and really made me realize: this is the kind of stuff I love doing.


Later in the day, we had an intro to Metasploit. I had already completed all the labs before, so I took the time to revise what I had learned.


After class, a few classmates (Mathieu and Simon) and I started a bug bounty group! We were going to find us some bugs on the decathlon.nl site. Looking at Dutch was like looking at scribble.
But that was not important. We were there to find our millionaire reward. We started by looking at the elements page and some nmap scanning.

We started with basic recon: inspecting the elements, running nmap scans, and poking around.

I spent a good chunk of time trying to bypass Cloudflare and even dug up an old IP they used, but no luck there.

After some time I decided to play around. Simon gave me a few nmap commands and almost fried my PC by using every single http script with nmap. We also had some fun with Metasploit, but no luck there.

It was a fun first-time experience but not as easy as it looks to find vulnerabilities, especially on a really secured website. We’re not gonna give up though, we’re just starting.