Hack the Fartknocker VM (CTF Challenge)

Top HatSec built a VM image “Fart knocker” and kept the challenge to capture the flag in his machine. This VM box is mainly design for testing your network penetration skills, before solving this challenge you must know about network packet analysis and port knocking.

 Let’s begin!

 Scan your network using netdiscover command I found an IP address in my network.

Enumerate the target through aggressive scan; type following command for nmap scanning:

nmap -p- A

So here I found only single port 80 is open

Since port 80 is open I look toward browser and explore target ip, here I got a Link “Woah” without wasting time I just clicked on it.

Link Woah contains a pcap1.pcap file; I download it to find out some clue.

This file open with wireshark here I distinguish that VM box trying to connect over TCP ports 7000, 8000, and 9000. Behind the machine efforts on those 3 ports it gets discarded and some obstructed attempts on a connection RST, ACK; when I dig out more I found this technique is known as port knocking.

Port 7000 is used for connection but rejected.

Port 8000 is used for connection but rejected.

Port 9000 is used for connection but rejected.

Now send packets to 7000, 8000, 9000 so that these ports sequence will open another port. Therefore type following command for nmap to perform a Sequential Port Scan.

Nmap –r –p 7000, 8000, 9000

Once again scan target machine using aggressive scan.

Nmap –p- A

Great!  Here we can see 8888 is open now and from screenshot you read a new directory /burgerworld/

Then I run towards browser to explore this time again I found another link heheh..hehh that contains one more pcap file again I download that pcap2.pcap file.

Now the game is very clear Top HatSec had involve port knowing at each step, again I opened pcap2 file with wireshark but this time I didn’t found any port knocking sequence therefore I randomly select a packet to follow it TCP stream.  Here you can select any packet make right click on it and choose follow option.