Teenage Mutant Ninja Squirtles
Group Intro
Interested in more challenges like this? Dive deep into the offensive skills to solve them in the following course(s):
- SEC542: Web App Penetration Testing and Ethical Hacking
- SEC642: Advanced Web App Penetration Testing, Ethical Hacking, and Exploitation Techniques
- SEC560: Network Penetration Testing and Ethical Hacking
- SEC660: Advanced Penetration Testing, Exploit Writing, and Ethical Hacking
Flags
| Objective | Flag |
|---|---|
| 0x01 | flag{iseeyoufoundmyrobot} |
| 0x02 | flag{260373c521fdcdc8b24284debcd7db2f} |
| 0x03 | flag{046afb9db536aea3a750cd9bb45eded5} |
| 0x04 | |
| 0x05 | |
| 0x06 | |
| 0x07 | |
| 0x08 | |
| 0x09 | |
| 0x0A | |
| 0x0B | |
| 0x0C | |
| 0x0D | |
| 0x0E | |
| 0x0F | |
| 0x10 | |
| 0x11 |
0x01
Objective
The Foot Clan is known to host their DMZ'd website on tmns.footclans.ninja, your mission is to gain access to this website and pivot into the intranet. Along the way you will find flags and maybe some easter eggs to let you know you are on the right track.
Find Flag 0 through basic enumeration of tmns.footclans.ninja
Solution
Flag on robots.txt
0x02
Objective
The Foot Clan is known to host their DMZ'd website on tmns.footclans.ninja, your mission is to gain access to this website and pivot into the intranet. Along the way you will find flags and maybe some easter eggs to let you know you are on the right track.
Check out this snazzy site, what do they have going on here?
Solution
Flag is just there on the page.
0x03
Objective
Find flag.txt on tmns.footclans.ninja. Yes it that easy, don't overthink it yet you still have a long way to go.
Solution
Yeah, it really was that easy.
0x04
Objective
Find and read Shredder's notes on tmns.footclans.ninja. Hmmmm what is this weird webserver, you've got to figure out what's in his notes!
Solution
I scanned with nmap, saw that 8080 was open also.
nmap -Pn -T4 --max-retries 0 -p- -oN quick.nmap 20.105.40.247
Host discovery disabled (-Pn). All addresses will be marked 'up' and scan times will be slower.
Starting Nmap 7.91 ( [https://nmap.org](https://nmap.org) ) at 2021-11-16 13:46 EST
Warning: 20.105.40.247 giving up on port because retransmission cap hit (0).
Nmap scan report for 20.105.40.247
Host is up (0.081s latency).
Not shown: 65532 filtered ports
PORT STATE SERVICE
80/tcp open http
8080/tcp open http-proxy
22022/tcp open unknown
Nmap done: 1 IP address (1 host up) scanned in 56.38 seconds
Weird
Ran out of time. Didn't complete this objective.
0x05
Objective
So you found your way in? Have a look around.
Solution
Ran out of time. Didn't do any work on this objective.
0x06
Objective
Get Shredder's password to tmns.footclans.ninja and get a foothold. Hint: all lowercase, no spaces
Solution
Ran out of time. Didn't do any work on this objective.
0x07
Objective
You found your way into the DMZ? Well done, now your mission is to get find something of Shredder's that will help you pivot to the internal network. The flag you are looking for is on a new target, not on Target1. The file on Target 2 that enabled you to get there is where the flag is.
hint: use wordlist: /usr/share/wordlists/metasploit/unix_passwords.txt
Solution
Ran out of time. Didn't do any work on this objective.
0x08
Objective
Pivot to the internal network, find out what Foot Fam is up to!
Solution
Ran out of time. Didn't do any work on this objective.
0x09
Objective
Now you are inside, your mission is to capture all flags and identify the location of the development server!
Solution
Ran out of time. Didn't do any work on this objective.
0x0A
Objective
Now you are inside, your mission is to capture the flags and find a way to the secret!
Solution
Ran out of time. Didn't do any work on this objective.
0x0B
Objective
Find the flags and warn the world of what is in the works! Hey whats this blog doing here?
Solution
Ran out of time. Didn't do any work on this objective.
0x0C
Objective
Find a way to own this box, its on the internal dev net and may lead us to the secret! P.S. I heard Shredder manages this thing.
Solution
Ran out of time. Didn't do any work on this objective.
0x0D
Objective
Why are backups so hard?
Solution
Ran out of time. Didn't do any work on this objective.
0x0E
Objective
This is it, the home stretch... some weird old machine that shouldn't have been plugged in. You get a foothold and we may just be able to stop them....now go find out what kind of shocking things FootFam is hiding! I'm glad shredder left a backdoor on this target, who's the victim now?
Solution
Ran out of time. Didn't do any work on this objective.
0x0F
Objective
You have your foot in the door, this has got to be where he's hiding it!
Solution
Ran out of time. Didn't do any work on this objective.
0x10
Objective
What a friggen mess...we'll find it, just gotta keep looking!
Solution
Ran out of time. Didn't do any work on this objective.
0x11
Objective
The final flag...you must have found the instructions for the anti-mutagen serum! You've got to crack it and destroy the contents
Solution
Ran out of time. Didn't do any work on this objective.