# strings brainpan.exe brainpan.exe – password “shitstorm” The first step of debugging the application and trying to get the password of the brainpan.exe application is by reviewing its contents using a hex editor or to look for any ASCII strings in its binary code using the strings command: Phase 2: Inspecting and Fuzzing brainpan.exe Looking at the directory’s contents discloses a file named brainpan.exeĬhecking the application locally either using a simulated windows environment or wine shows that this application is most likely the web server daemon running on port 9999 on the target which nmap is not able to enumerate and reports as a possible abyss web server There’s nothing on the front page of the web server, neither a robots.txt file, and running dirb on the target discovers the following directory with directory listing: The port scan on this host discloses two remotely accessible opened ports – 9999 which nmap is unable to enumerate through its fingerprint database although the scanner reports it as a possible abyss web server, and 10000 which is a web server set up through the SimpleHTTPServer python module.Ĭonnecting to port 9999 using netcat spawns a password request prompt:Įnumerating port 9999 on target Brainpan 1 – a socket application requiring a password If you were looking either for a walkthrough on the Brainpan 1 vulnhub CTF or for a tutorial/article to serve as an Introduction to exploit development you clicked on the right link.
0 Comments
Leave a Reply. |