HMVLabs
HMVLabs Chapter 1: Venus
# Log in to the lab host as the user hacker; -p selects port 5000 instead of the SSH default.
ssh hacker@venus.hackmyvm.eu -p 5000 # havefun!
# Print the lab's readme (its key points are summarised below).
cat readme.txt
- Key points:
- This CTF (Capture The Flag) for beginners focuses on Linux and CTF skills.
- User home directories are /pwned/USER, containing mission.txt (mission details) and flagz.txt (for the ranking at https://hackmyvm.eu, optional).
- Secret levels and hidden flags exist.
- Use /tmp for writable files/scripts, but be aware it's frequently cleared.
- Some users can modify files in /www, accessible via http://venus.hackmyvm.eu (e.g., modifying /www/hi.txt changes http://venus.hackmyvm.eu/hi.txt).
- Discord for questions/feedback: https://discord.gg/DxDFQrJ.
- Be respectful to other players.
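# Transcript of the commands used for each Venus mission, in play order. These
# are interactive steps (su/ssh/sudo open new sessions), not a batch script.
# Each mission text is followed by the command that solved it; the trailing
# comment on a command records what it revealed.

# User sophia has saved her password in a hidden file in this folder. Find it and log in as sophia.
cat mission.txt
# A leading dot only hides a name from plain `ls`; -a lists it anyway.
ls -la
cat .myhiddenpazz # Y1o645M3mR84ejc
su sophia

# The user angela has saved her password in a file but she does not remember where ... she only remembers that the file was called whereismypazz.txt
# -exec hands each match to cat as a single argument, so a path containing
# spaces is not split; 2>/dev/null drops the errors from walking / unprivileged.
find / -type f -name whereismypazz.txt -exec cat -- {} + 2>/dev/null # oh5p9gAABugHBje

# The password of the user emma is in line 4069 of the file findme.txt
# -n suppresses sed's default output, so only line 4069 is printed.
sed -n '4069p' findme.txt # fIvltaGaq0OUH8O

# User mia has left her password in the file -.
# A bare "-" means standard input to cat; the ./ prefix makes it an ordinary path.
cat ./- # iKXIYg0pyEH2Hos

# It seems that the user camila has left her password inside a folder called hereiam
# List the folder with -a (the file inside is a dotfile), then read the file at
# the path the listing showed. The two steps are separate because find exits
# non-zero whenever part of / is unreadable.
find / -type d -name hereiam -exec ls -a -- {} + 2>/dev/null
cat /opt/hereiam/.here # F67aDmCAAgOOaOc

# The user luna has left her password in a file inside the muack folder.
# NOTE(review): -type f already limits matches to regular files; the extra
# "-not -size 4096c" is kept from the original run and looks redundant here.
find muack/ -type f -not -size 4096c -exec cat -- {} + # j3vkuoKQwvbhkMc

# The user eleanor has left her password in a file that occupies 6969 bytes.
# The "c" suffix makes -size count bytes instead of 512-byte blocks.
find / -type f -size 6969c -exec cat -- {} + 2>/dev/null # UNDchvln6Bmtu7b

# The user victoria has left her password in a file in which the owner is the user violin.
find / -type f -user violin -exec cat -- {} + 2>/dev/null # pz8OqvJBFxH0cSj

# The user isla has left her password in a zip file.
# Extract into a private mktemp directory: /tmp is shared by every player, so a
# fixed path there can collide with, or expose files to, other users.
workdir=$(mktemp -d) && unzip passw0rd.zip -d "$workdir" && cat "$workdir/pwned/victoria/passw0rd.txt" # D3XTob0FUImsoBb

# The password of the user violet is in the line that begins with a9HFX (these 5 characters are not part of her password.).
# -n plus the p flag prints only the lines where the prefix was stripped.
sed -n 's/^a9HFX//p' passy # WKINVzNQLKLDVAc

# The password of the user lucy is in the line that ends with 0JuAZ (these last 5 characters are not part of her password)
# grep prints the whole line; the value recorded here already has the 0JuAZ suffix removed.
grep '0JuAZ$' end # OCmMUjebG53giud

# The password of the user elena is between the characters fu and ck
# awk prints the whole matching line; the value recorded here is the part between the two markers.
awk '/fu.*ck/' file.yo # 4xZ5lIKYmfPLg9t

# The user alice has her password in an environment variable.
# Environment variables are inherited by every process started from the session, so they are a poor place for secrets.
printenv # PASS=Cgecy2MY2MWbaqt

# The admin has left the password of the user anna as a comment in the file passwd.
# /etc/passwd is normally readable by every local user, so nothing stored in it is secret.
# NOTE(review): the mission names anna but the search term is alice; kept as the author ran it.
grep alice /etc/passwd # w8NvY27qkpdePox

# Maybe sudo can help you to be natalia.
# sudo -l lists what the current user may run; a NOPASSWD rule for /bin/bash as natalia amounts to a full shell as natalia.
sudo -l # (natalia) NOPASSWD: /bin/bash
sudo -u natalia /bin/bash

# The password of user eva is encoded in the base64.txt file
# Base64 is an encoding, not encryption: decoding needs no key.
base64 -d base64.txt # upsCA3UFu10fDAO

# The password of the clara user is found in a file modified on May 1, 1968.
# -mtime +19345 matches files last modified more than 19345 days ago. The
# command only lists the path; the password recorded here was presumably read
# from the file it found.
find / -type f -mtime +19345 2>/dev/null # 39YziWp5gSvgQN9

# The password of user frida is in the password-protected zip (rockyou.txt can help you)
# The archive password turns out to be in a public wordlist, so the zip's
# protection added nothing; the archive is copied off the lab host first.
scp -P 5000 clara@venus.hackmyvm.eu:~/protected.zip .
fcrackzip -u -D -p /usr/share/wordlists/rockyou.txt protected.zip # PASSWORD FOUND!!!!: pw == pass123
unzip protected.zip # Password: pass123
# NOTE(review): unzip extracts relative to the current directory by default, so
# after a local extraction the file is presumably ./pwned/clara/protected.txt — confirm.
cat /pwned/clara/protected.txt # Ed4ErEUJEaMcXli

# The password of eliza is the only string that is repeated (unsorted) in repeated.txt.
# uniq -d reports only lines that repeat on adjacent lines, so the file is read as-is rather than sorted first.
uniq -d repeated.txt # Fg6b6aoksceQqB9

# The user iris has left me her key.
# Whoever can read a private key can log in as its owner unless the key has a passphrase.
ssh -i .iris_key -p 5000 iris@venus.hackmyvm.eu

# User eloise has saved her password in a particular way.
scp -P 5000 iris@venus.hackmyvm.eu:~/eloise ./
# The file is base64 text; the decoded bytes are saved as img.jpg and the
# password is presumably read off the picture.
base64 -d eloise > img.jpg # yOUJlV0SHOnbSPm

# User lucia has been creative in saving her password.
# xxd -r -p turns a plain hex string back into bytes; the final 0A is a newline.
echo "75764D77464451725157504D6547500A" | xxd -r -p # uvMwFDQrQWPMeGP (hexadecimal dump to ASCII)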
# The user isabel has left her password in a file in the /etc/xdg folder but she does not remember the name, however she has dict.txt that can help her to remember.