This article details a cybersecurity challenge based on the Moria VM, a Lord of the Rings-themed virtual machine used for penetration testing. It highlights the process of enumeration, brute-force attacks, hash cracking, and privilege escalation using various tools and techniques. #MoriaVM #LordOfTheRingsTheme
Keypoints
- The assessment began with full port scanning and service enumeration on FTP, SSH, and HTTP.
- Web directory brute forcing revealed character names, which were used as potential usernames.
- Brute-force and credential attacks successfully gained FTP access using a username and password derived from theme references.
- Discovered web content included hashed prisoner data, which was cracked to obtain further credentials.
- Privilege escalation was achieved through SSH key access, leading to root shell and flag retrieval.
Read More: https://infosecwriteups.com/vulnhub-ctf-moria-1-1-e67ebe70a438?source=rss—-7b722bfd1b8d—4