Irked
This time we are solving Irked from HTB! It's a pretty unique box, since we are going to exploit a backdoor in an IRC-client, and the box also has some steganography (hurray?), so let's begin!
First off, let's run nmap on the target:
mkdir nmap
sudo nmap -sC -sV -oA nmap/irked -T4 10.129.1.108
There seem to be three ports open; let's start with 80 since it's HTTP.
Just an image and some text about IRC. Nothing too interesting, except that there might be an IRC server running on the host? Our initial nmap didn't find anything about that, so let's run nmap again, but this time with all ports!
sudo nmap -p- -T4 10.129.1.108
After running it, we find out that there are more ports open!
Port 6697 seems to have something to do with IRC, but nmap didn't reveal anything too specific (IRC-client name etc…), so let's run nmap one more time to enumerate these new ports!
sudo nmap -A -T4 -p6697,8067,58833,65534 10.129.1.108
…
It would be a good idea to log in to the IRC server and check out if there's some juicy info, so let's do that! I had no IRC-client on my machine so I downloaded HexChat, but you can use the client you prefer. Let's check out the server; here is an image of the network and config:
We got in! So it is a functioning IRC-server. That's about it, nothing to go on.
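What a client receives right after connecting already names the server software, which is the detail the nmap scans above did not report. This added example (not part of the original writeup) parses the IRC welcome numerics 002 and 004 to pull out the server name and version; the sample lines, the server name and the version string are constructed placeholders.

```python
# Added example: identify IRC server software from the registration numerics.
# SAMPLE is constructed for illustration; it is not output from the target box.
SAMPLE = (
    ":irc.example.test NOTICE AUTH :*** Looking up your hostname...\r\n"
    ":irc.example.test 001 auditor :Welcome to the ExampleNet IRC Network\r\n"
    ":irc.example.test 002 auditor :Your host is irc.example.test, "
    "running version ExampleIRCd-1.2.3\r\n"
    ":irc.example.test 003 auditor :This server was created Mon May 14 2018\r\n"
    ":irc.example.test 004 auditor irc.example.test ExampleIRCd-1.2.3 iowx lvhopsmnt\r\n"
    "PING :irc.example.test\r\n"
)


def parse_line(line):
    """Split one IRC message into (prefix, command, params) as in RFC 1459."""
    prefix = None
    if line.startswith(":"):
        prefix, _, line = line[1:].partition(" ")
    # Everything after the first " :" is one trailing parameter (may hold spaces).
    head, sep, trailing = line.partition(" :")
    parts = head.split()
    if not parts:
        return prefix, "", []
    params = parts[1:] + ([trailing] if sep else [])
    return prefix, parts[0].upper(), params


def identify_server(raw):
    """Return server name and version, preferring 004 (RPL_MYINFO) over 002."""
    info = {"server": None, "version": None, "source": None}
    for line in raw.replace("\r\n", "\n").split("\n"):
        if not line.strip():
            continue
        prefix, command, params = parse_line(line)
        if command == "004" and len(params) >= 3:
            # 004 params: <nick> <servername> <version> <user modes> <chan modes>
            info.update(server=params[1], version=params[2], source="004")
        elif command == "002" and info["version"] is None and params:
            # 002 is free text; many servers write "... running version <ver>".
            marker = "running version "
            if marker in params[-1]:
                version = params[-1].split(marker, 1)[1].strip()
                info.update(server=prefix, version=version, source="002")
    return info


if __name__ == "__main__":
    print(identify_server(SAMPLE))
```

The version string recovered this way is what you would compare against the vendor's advisories and your asset inventory.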