PRIVATE AGENT WRITEUP

PRIVATE AGENT CYBERTALENTS WRITEUP

The challenge was just requesting one to find the user agent that will allow one access to the site.



So after opening the site we see the following;



So at first I looked at the source code and saw nothing only to realize that at the bottom of it there was a commented line.


I used the curl command and saw the user-agent


```

┌──(you㉿me)-[~]

└─$ curl http://wcamxwl32pue3e6meg23gk9h8z4km2360kxlcg30-web.cybertalentslabs.com/

<!DOCTYPE html>

<html lang="en">

  <head>

    <meta charset="utf-8">

    <meta http-equiv="X-UA-Compatible" content="IE=edge">

    <meta name="viewport" content="width=device-width, initial-scale=1">

    <title>private-agent</title>


    <!-- Bootstrap -->

    <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css" integrity="sha384-BVYiiSIFeK1dGmJRAkycuHAHRg32OmUcww7on3RYdg4Va+PmSTsz/K68vbdEjh4u" crossorigin="anonymous">


    <!-- HTML5 shim and Respond.js for IE8 support of HTML5 elements and media queries -->

    <!--[if lt IE 9]>

      <script src="https://oss.maxcdn.com/html5shiv/3.7.3/html5shiv.min.js"></script>

      <script src="https://oss.maxcdn.com/respond/1.4.2/respond.min.js"></script>

    <![endif]-->

  </head>

  <body style="background-color:#222831;">

        <div style="text-align:center;"><img style="height:350px;" src="https://media.giphy.com/media/3HqPTBUMM2eXe/giphy.gif" alt="look for private agent"></div><br><br>

      <h1 style="color:red;text-align:center;"> Sorry , Private agent only can get in \!</h1>

      <!-- jQuery (necessary for Bootstrap's JavaScript plugins) -->

      <script src="https://ajax.googleapis.com/ajax/libs/jquery/1.12.4/jquery.min.js"></script>

      <!-- Include all compiled plugins (below), or include individual files as needed -->

      <script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js" integrity="sha384-Tc5IQib027qvyjSMfHjOMaLkfuWVxZxUPnCJA7l2mCWNIpG9mGCD8wGNIcPD7Txa" crossorigin="anonymous"></script>

      <script>


      </script>

    </body>

  </html>

























































<!-- TO_Be_Removed => Privet-Agent access => givittome-->

                                                                                                                                                                        

```


We can see the user agent givittome , so we have to change our user agent to that we can do this by using burpsuite or curl but i prefer curl, its kinda geeky ;).


```

┌──(you㉿me)-[~]

└─$ curl http://wcamxwl32pue3e6meg23gk9h8z4km2360kxlcg30-web.cybertalentslabs.com/ -A "givittome"

<!DOCTYPE html>

<html lang="en">

  <head>

    <meta charset="utf-8">

    <meta http-equiv="X-UA-Compatible" content="IE=edge">

    <meta name="viewport" content="width=device-width, initial-scale=1">

    <title>private-agent</title>


    <!-- Bootstrap -->

    <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css" integrity="sha384-BVYiiSIFeK1dGmJRAkycuHAHRg32OmUcww7on3RYdg4Va+PmSTsz/K68vbdEjh4u" crossorigin="anonymous">


    <!-- HTML5 shim and Respond.js for IE8 support of HTML5 elements and media queries -->

    <!--[if lt IE 9]>

      <script src="https://oss.maxcdn.com/html5shiv/3.7.3/html5shiv.min.js"></script>

      <script src="https://oss.maxcdn.com/respond/1.4.2/respond.min.js"></script>

    <![endif]-->

  </head>

  <body style="background-color:#222831;">

        <div style="text-align:center;"><img style="height:350px;" src="https://media.giphy.com/media/3HqPTBUMM2eXe/giphy.gif" alt="look for private agent"></div><br><br>

      <h1 style="color:#3eff00; margin-left:16%">Hello Ag3nt<br></h1><h2 style="color:#50d890;text-align:center;">Look for flag somewhere </h2>

      <!-- jQuery (necessary for Bootstrap's JavaScript plugins) -->

      <script src="https://ajax.googleapis.com/ajax/libs/jquery/1.12.4/jquery.min.js"></script>

      <!-- Include all compiled plugins (below), or include individual files as needed -->

      <script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js" integrity="sha384-Tc5IQib027qvyjSMfHjOMaLkfuWVxZxUPnCJA7l2mCWNIpG9mGCD8wGNIcPD7Txa" crossorigin="anonymous"></script>

      <script>


      </script>

    </body>

  </html>

  

```


From the results we are told to look for the flag in there somewhere soo what come to my head is to inspect the headers. So I added -v to the command 


```

┌──(me㉿you)-[~]

└─$ curl http://wcamxwl32pue3e6meg23gk9h8z4km2360kxlcg30-web.cybertalentslabs.com/ -A "givittome" -v

*   Trying 52.53.57.75:80...

* Connected to wcamxwl32pue3e6meg23gk9h8z4km2360kxlcg30-web.cybertalentslabs.com (52.53.57.75) port 80 (#0)

> GET / HTTP/1.1

> Host: wcamxwl32pue3e6meg23gk9h8z4km2360kxlcg30-web.cybertalentslabs.com

> User-Agent: givittome

> Accept: */*

* Mark bundle as not supporting multiuse

< HTTP/1.1 200 OK

< Server: nginx/1.21.0

< Date: Sat, 27 Nov 2021 10:56:11 GMT

< Content-Type: text/html; charset=UTF-8

< Content-Length: 1808

< Connection: keep-alive

< X-Powered-By: PHP/7.2.34

< Xflag: W3lcome_Ag3nt8

< Vary: Accept-Encoding

<!DOCTYPE html>

<html lang="en">

  <head>

    <meta charset="utf-8">

    <meta http-equiv="X-UA-Compatible" content="IE=edge">

    <meta name="viewport" content="width=device-width, initial-scale=1">

    <title>private-agent</title>


    <!-- Bootstrap -->

    <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css" integrity="sha384-BVYiiSIFeK1dGmJRAkycuHAHRg32OmUcww7on3RYdg4Va+PmSTsz/K68vbdEjh4u" crossorigin="anonymous">


    <!-- HTML5 shim and Respond.js for IE8 support of HTML5 elements and media queries -->

    <!--[if lt IE 9]>

      <script src="https://oss.maxcdn.com/html5shiv/3.7.3/html5shiv.min.js"></script>

      <script src="https://oss.maxcdn.com/respond/1.4.2/respond.min.js"></script>

    <![endif]-->

  </head>

  <body style="background-color:#222831;">

        <div style="text-align:center;"><img style="height:350px;" src="https://media.giphy.com/media/3HqPTBUMM2eXe/giphy.gif" alt="look for private agent"></div><br><br>

      <h1 style="color:#3eff00; margin-left:16%">Hello Ag3nt<br></h1><h2 style="color:#50d890;text-align:center;">Look for flag somewhere </h2>

      <!-- jQuery (necessary for Bootstrap's JavaScript plugins) -->

      <script src="https://ajax.googleapis.com/ajax/libs/jquery/1.12.4/jquery.min.js"></script>

      <!-- Include all compiled plugins (below), or include individual files as needed -->

      <script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js" integrity="sha384-Tc5IQib027qvyjSMfHjOMaLkfuWVxZxUPnCJA7l2mCWNIpG9mGCD8wGNIcPD7Txa" crossorigin="anonymous"></script>

      <script>


      </script>

    </body>

  </html>



```

You noticed the Xflag header ;).

Comments

Post a Comment

Popular posts from this blog

SHARING FILES BETWEEN TWO LINUX DEVICES USING ETHERNET

Image
 Hi guys, in this blog I'll be showing you how to share files between two Linux machines using ethernet.  CONFIGURING THE TWO KALI LINUX MACHINES. Navigate to the network settings and click on the +   to add a network and select Ethernet as shown below. Click the create button. You can rename the network connection created to kalitokali as shown below then navigate to the IPV4 Settings tab. While in this tab, click the pull-down arrow at Method  and select Link-Local Only  as shown below, and click on save. Now having done that to the two Linux devices you'll see a connection is established. Now to verify if all is well open the terminal and type ifconfig  and check whether under the ethernet connection there is an assigned IP address. SHARING FILES AND FOLDERS. To share files now we will type the following commands in the terminal. ''' sudo systemctl start ssh.service --> This command will start the ssh service in Kali Linux '''' The reason for s
Read more

SHARING FILES BETWEEN A LINUX AND A WINDOWS MACHINE USING ETHERNET CABLE.

Image
 HOW TO SHARE FILES BETWEEN A LINUX AND A WINDOWS MACHINE USING ETHERNET CABLE In this blog, I will show you step by step how you can share files between a windows machine and a Kali Linux machine. We will start with windows configuration and then go to Linux configuration. WINDOWS CONFIGURATION Go to the search bar and search for the control panel and open it. In the control panel select Network and Internet A new page will be open and select Network and Sharing Center Now connect the ethernet cable in the Linux machine and the windows machine. An Ethernet network connection will appear and you'll click on it. After Clicking on it a pop-up like shown below will show up. On the pop click on the properties button and another pop up will appear. Now on the above pop up look for Internet Protocol Version 4(TCP/IP4)  and select it and after that click on properties. A configuration page will be shown and you'll have to configure it as shown below. ``` 192.168.1.2 ---> This will
Read more

DROZER IN KALI LINUX 2020.4

HOW TO INSTALL DROZER IN KALI LINUX 2021.4 So the whole last year I have been having trouble installing drozer in Kali Linux without necessarily using it in docker. In this article, I will be showing you how I was able to successfully install drozer in kali Linux 2020.4. First, we have to install pip2.7 in our kali machine which is done by: ``` wget https://bootstrap.pypa.io/pip/2.7/get-pip.py  ``` After doing this we get the get-pip.py in the folder we are in. So we use python2 to install the pip2.7 using the get-pip.py. ``` sudo python2 get-pip.py ``` Use which command to verify whether it is installed: ``` ┌──(you㉿me)-[~/Extracted/Software] └─$ which pip2.7                                      /usr/local/bin/pip2.7 ``` After this we have to wget the drozer whl  from Github: ``` wget https://github.com/FSecureLABS/drozer/releases/download/2.4.4/drozer-2.4.4-py2-none-any.whl ``` After doing so, we install the whl using pip2.7 ``` sudo pip2.7 install drozer-2.4.4-py2-none-any.whl ``` A
Read more