I had a twitter follower recently inform me that OverTheWire had a new wargame up and running. I was immediately excited and downloaded it. Several days later, I actually was able to start tinkering with it.
I booted up the image, and proceeded to do some preliminary nmap scans. I found a few services runinng:
mandreko$ nmap -sV -p1-65535 -T4 192.168.188.134 Starting Nmap 6.01 ( http://nmap.org ) at 2012-11-15 10:28 EST Nmap scan report for 192.168.188.134 Host is up (0.0077s latency). Not shown: 65511 closed ports PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 5.8p1 Debian 7ubuntu1 (protocol 2.0) 80/tcp open http Apache httpd 2.2.20 ((Ubuntu)) 6667/tcp open irc Unreal ircd 8000/tcp open http Icecast streaming media server 21342/tcp open unknown 21768/tcp open unknown 21951/tcp open unknown 23917/tcp open unknown 24578/tcp open unknown 24783/tcp open unknown 25275/tcp open unknown 26791/tcp open unknown 31308/tcp open unknown 31418/tcp open unknown 31874/tcp open unknown 32704/tcp open unknown 33039/tcp open unknown 34466/tcp open unknown 34538/tcp open unknown 34957/tcp open unknown 36199/tcp open unknown 37213/tcp open unknown 37628/tcp open unknown 37956/tcp open unknown
Based on the clue on the Monxla page, “Hint: how big is the page you are looking at?“, I connected to the webserver.
It looked like a fairly generic page, but I viewed the source, and found a huge amount of text commented out. Since it was all alpha-numeric other than ending with a single “=”, I figured it was probably Base64.
I copied the text into a new file on my machine. I then decoded it and found out what type of file it was:
mandreko$ base64 -D monxla -o monxla.decoded mandreko$ file monxla.decoded monxla.decoded: PDF document, version 1.4 mandreko$ mv monxla.decoded monxla.pdf
When the PDF (available here) is then opened, it shows a report of running services that may need attacked. This is similar to “levels” in most wargames, I believe (I haven’t yet finished this wargame).
My next article in this series will show how to exploit the “Bookmarks Service”.