Capture The Flag (One Use Arrow) Mac OS
Capture The Flag (One Use Arrow) Mac OS
In this article, we will learn to solve the “Toppo: 1” Capture-the-Flag (CTF) challenge which was posted on VulnHub by Hadi Mene. According to the information given in description by the author of the challenge, this CTF is not very hard and does not require advanced exploitation. You can use this link to download the VM and launch it on Virtual Box. The torrent downloadable URL is also available for this VM; the link is in the sources section at the end of this article.
- Capture The Flag (one Use Arrow) Mac Os Catalina
- Capture The Flag (one Use Arrow) Mac Os X
- Capture The Flag (one Use Arrow) Mac Os 11
- Capture The Flag (one Use Arrow) Mac Os X
You can remove the small alias arrow from files within Finder. Alter the system file by removing the small arrow. The file path within this video: /System/Li. Of course you can use QuickTime to record both screen with audio, and you need to install a virtual sound card like soundflower to capture computer sound. Besides, you can also try to use screen recorders like ShowMore (free screen recorder for Windows and Mac), Jing (5 minutes' recording limitation) and many more to do the recording.
For those who are new to CTF challenges and are not aware of this platform, VulnHub is a well-known website for security researchers which provide users with a method to learn and practice their hacking skills through a series of challenges in a safe and legal environment.
Please Note: For all of these machines, I have used Oracle Virtual Box to run the downloaded machine. I will be using Kali Linux as an attacker machine for solving this CTF. The techniques used are solely for educational purposes, and I am not responsible if the listed techniques are used against any other targets.
After downloading and running this machine in Virtual Box, we start by running the Netdiscover command to obtain the IP address of the target machine. The command and its output can be seen in the screenshot given below:
- Consider the following protocol independent limitation when you are using Mac OS X clients with the Storwize V7000 Unified system: For the reliable operation of the Mac OS X client, do not run a packet capture application such as tcpdump in parallel with I/O to the system. Any network packet capture might destabilize the Mac OS X client.
- Mac’s Built-In Option. Before we look at alternatives, let’s start with the native snipping tool for Mac. Use the Command + Shift + 3 keyboard shortcut to capture the entire screen. The Command + Shift + 4 shortcut lets you select an area of the screen.
- Capture The Flag ('excerpt' missing) Setup. On the share (FS-01shareNewDeveloperExercisesCaptureTheFlag) there is a VM Virtual Machine titled 'New Developer CTF Capture the Flag Windows 8.1 x64.zip'. Copy the zip to your local machine and extract the VM. If VMWare asks, you copied it. The CTF Capture the Flag snapshot sets the baseline for.
Command Used: Netdiscover
As shown in the highlighted area in the above screenshot, we have obtained the Virtual Machine IP address, i.e., 192.168.1.7 (the target machine IP address).
We will be using 192.168.1.11 as the attacker IP address.
Please Note: the target and the attacker IP addresses may be different depending on your network configuration.
So we have the target machine IP; the first step is to find out the ports and services that are available on the target machine. An Nmap full port scan is used for this purpose. This is illustrated in the screenshot given below:
Command Used: nmap 192.168.1.7 -v -Pn
After the completion of the scan, we get four open ports on the target machine. I decided to start with the HTTP port. When we open it on the browser, it shows a very nice website which can be seen in the following screenshot.
Unfortunately, I couldn’t get any hints from its homepage. I also explored other web pages too for any interesting information but didn’t find anything. So I decided to run the Dirb utility, which is by default available in Kali Linux. The screenshot of the tool output can be seen below.
Command Used: dirb http://192.168.1.7/
As can be seen in the above screenshot, we get a few directories as output. Some of the directories which caught my attention are given below.
- Admin/
- Mail/
- Vendor/
I started further exploration with the admin directory, which had directory listing enabled. That can be seen in the screenshot given below.
As you can see, this directory contains a text file called notes.txt. Let’s open this file. There was an interesting note left about the application, which can be seen in the below screenshot.
https://machines-deposit-bel-slot-yh-reel-five.peatix.com. A note is written which says the current password is “12345ted123,” which needs to be changed. So at this time I thought there might be a login page in this application where we can log in with this password. I explored other directories to find the login page but didn’t find anything.
Since the SSH port was identified as open in the Nmap scan, so I thought the default user could be root and the password we already got from the notes. I tried to login via SSH with user “root” and the above password. But the credentials were not valid, which can be seen in the following screenshot.
After that I decided to try the hit-and-trial method to guess the username and used the following credentials to login via SSH.
Username: ted
Password: 12345ted123
These credentials allowed us to log into the target machine. The successful SSH login can be seen in the following screenshot.
After that I used the “id” command to check whether ted is a root user or not. It shows that ted is not a root user in the target machine. Now we need to escalate the privilege to get to the root.
Capture The Flag (one Use Arrow) Mac Os Catalina
I stared exploring the target machine. The basic thing is to check the OS version and the Kernel version of the target machine, because there are lots of privilege-escalation exploits available over the Internet. The target machine OS and Kernel version can be seen in the following screenshot.
Command Used : uname –a, cat /etc/issue
As you can see, we have the version details of the target machine’s OS, but there was no exploit available for this version of the OS.
After spending some time and exploring the target machine with limited access user, I found few binaries which had SUID permissions.
Command Used : find / -perm -u=s -type f 2>/dev/null
One of the interesting binaries which we found was Python, which can also be seen in the highlighted area of the above screenshot. So now we can use this to escalate the privilege of the user to get the root access of the target machine.
Command Used : /usr/bin/python2.7 -c ‘import pty;pty.spawn(“/bin/sh”)’
As you can see, we have successfully escalated the privilege of the user and gotten the root access. So let’s find the flag, which should be available in the root folder. It can be seen in the following screenshot.
As you can see in the above screenshot, we’ve got the flag! There was only one file in the root folder, and that was the flag file. Ld42 - spaced out mac os.
This completes this CTF. I hope you liked this article and enjoyed learning this machine. If you have any questions, I would love to answer them, so please leave them in the comments.
Toppo: 1, Vulnhub
Download Toppo.zip, Vulnhub
Capture The Flag (one Use Arrow) Mac Os X
Download Toppo.zip (Torrent), Vulnhub
These key combinations apply only to Mac computers with an Intel processor, not Mac computers with Apple silicon.
Capture The Flag (one Use Arrow) Mac Os 11
To use any of these key combinations, press and hold the keys immediately after pressing the power button to turn on your Mac, or after your Mac begins to restart. Keep holding until the described behavior occurs.
- Command (⌘)-R: Start up from the built-in macOS Recovery system. Or use Option-Command-R or Shift-Option-Command-R to start up from macOS Recovery over the Internet. macOS Recovery installs different versions of macOS, depending on the key combination you use while starting up. If your Mac is using a firmware password, you're prompted to enter the password.
- Option (⌥) or Alt: Start up to Startup Manager, which allows you to choose other available startup disks or volumes. If your Mac is using a firmware password, you're prompted to enter the password.
- Option-Command-P-R:Reset NVRAM or PRAM. If your Mac is using a firmware password, it ignores this key combination or starts up from macOS Recovery.
- Shift (⇧): Start up in safe mode. Disabled when using a firmware password.
- D: Start up to the Apple Diagnostics utility. Or use Option-Dto start up to this utility over the Internet. Disabled when using a firmware password.
- N: Start up from a NetBoot server, if your Mac supports network startup volumes. To use the default boot image on the server, hold down Option-N instead. Disabled when using a firmware password.
- Command-S: Start up in single-user mode. Disabled in macOS Mojave or later, or when using a firmware password.
- T: Start up in target disk mode. Disabled when using a firmware password.
- Command-V: Start up in verbose mode. Disabled when using a firmware password.
- Eject (⏏) or F12 or mouse button or trackpad button: Eject removable media, such as an optical disc. Disabled when using a firmware password.
Capture The Flag (one Use Arrow) Mac Os X
If a key combination doesn't work
If a key combination doesn't work at startup, one of these solutions might help:
- Press and hold all keys in the combination together, not one at a time.
- Shut down your Mac. Then press the power button to turn on your Mac. Then press and hold the keys as your Mac starts up.
- Wait a few seconds before pressing the keys, to give your Mac more time to recognize the keyboard as it starts up. Some keyboards have a light that flashes briefly at startup, indicating that the keyboard is recognized and ready for use.
- If you're using a wireless keyboard, plug it into your Mac, if possible. Or use your built-in keyboard or a wired keyboard. If you're using a keyboard made for a PC, such as a keyboard with a Windows logo, try a keyboard made for Mac.
- If you're using Boot Camp to start up from Microsoft Windows, set Startup Disk preferences to start up from macOS instead. Then shut down or restart and try again.
Remember that some key combinations are disabled when your Mac is using a firmware password.
Learn more
- Keyboard shortcuts that you can use after your Mac has started up.
Capture The Flag (One Use Arrow) Mac OS