Bob walkthrough

Today we will be doing the Bob walkthrough. This machine is available on VulnHub at https://www.vulnhub.com/entry/bob-101,226/

Let's start.

Finding the IP address of the machine.

Next is nmap enumeration

Ports 80 and 25468 are open.

Port 80 enumeration

So we tried to execute some commands, but they failed. After some trying and searching, found that more /etc/passwd | ls works fine.
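Why a piped command gets past this kind of check, and what a stricter check looks like, as an added example that is not code from the box or from the original post. The page does not show the application's filter, so the denylist, the allowlist and the function names here are assumptions.

```python
import shlex

# Assumed denylist; the page does not show the application's real filter.
DENYLIST = {"ls", "cat", "nc", "wget"}
# Hypothetical allowlist: program name -> maximum number of arguments.
ALLOWLIST = {"id": 0, "whoami": 0, "uptime": 0}
# Characters that let a shell chain, substitute, redirect or expand.
SHELL_META = set("|&;<>$`\\\n(){}*?[]~!#")


def naive_filter(command):
    """Weak check: only the first word is compared with the denylist."""
    words = command.strip().split()
    return bool(words) and words[0] not in DENYLIST


def hardened_argv(command):
    """Return an argv list for subprocess.run(argv, shell=False), or None."""
    if any(ch in SHELL_META for ch in command):
        return None  # no pipelines, substitutions, redirections or globs
    try:
        argv = shlex.split(command)
    except ValueError:  # unbalanced quotes
        return None
    if not argv or argv[0] not in ALLOWLIST:
        return None  # default deny: unknown programs are rejected
    if len(argv) - 1 > ALLOWLIST[argv[0]]:
        return None  # more arguments than this program is allowed
    return argv


def compare(commands):
    """Return (command, naive verdict, hardened verdict) for each input."""
    return [(c, naive_filter(c), hardened_argv(c) is not None) for c in commands]


# Constructed inputs; the second is the command quoted in the walkthrough.
SAMPLES = ["ls", "more /etc/passwd | ls", "whoami", "id -a"]

if __name__ == "__main__":
    for cmd, naive, hardened in compare(SAMPLES):
        print(f"{cmd!r:28} naive={naive!s:5} hardened={hardened}")
```

The first-word denylist rejects ls on its own but accepts it after a pipe, while the allowlist check refuses the whole line and never hands a string to a shell.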

Using a similar pattern, tried to get a reverse shell using Burp Suite.

And we got the shell

Enumerating users

Enumerating bob user

Got password for jc and seb

Got login.txt.gpg from the bob user. This may contain bob's credentials. Let's find the key to decrypt login.txt.gpg.

After searching the internet, found that the key is the first letters of the sentences in Notes.txt. Using HARPOCRATES as the secret, decrypted login.txt from bob.

Got the password for bob and logged in with it.

Now it's just a matter of seconds before root.

This is a fun box. Got stuck finding the key to decrypt the gpg file (login.txt.gpg).

Lots of learnings 🙂

Thanks to VulnHub and the owner for this box.
