Vulnhub Matrix: 1 Walkthrough
Starting with a ping scan we find Matrix at 192.168.19.192 A service scan reveals 3 open ports A base64 encoded string can be found in the source of the web root on port 31337 Decoding this string reveals a command that redirects a quote to a file named 'Cypher.matrix' The server's response to http://matrix:31337/Cypher.matrix is a brainfuck sample I then used https://copy.sh/brainfuck to interpret the code This reveals a set of credentials, where the last 2 characters of the password are unknown I then used crunch to create a list of suffixes to use in combination with 'k1ll0r' Awk was then used to prepend 'k1ll0r' to the wordlist The list is now ready to be used in a dictionary attack against ssh using ncrack ncrack found the credentials to be 'guest:k1ll0r7n' We are now able to login to ssh using these credentials! Attempts to execute commands reveal that we are stuck in a restricted s