The provided solution details the process of breaking into a vulnerable server and gaining root access using a variety of techniques.
Initially, the scanning tool Nmap is employed to identify the target system’s operating system and vulnerabilities.
Dropbear SSH services are discovered to be running on multiple ports, and a binary search approach is used to determine the correct port.
The target system challenges the user with an encrypted message, which is decoded using the Vigenère cipher and decryption tools.
The message contains a secret username and password used to access the real OpenSSH service on port 22.
Using valid credentials, the user connects to the target system and retrieves the user flag from the ‘user.txt’ file.
The user then lateral moves to other accounts, investigating potential vulnerabilities and discovering a script (twasBrillig.sh) that runs on system reboot.
The script is exploited to gain access to the tweedledum account and a file owned by humptydumpty is decoded to reveal a password used to escalate to root.