Irked

This time we are solving Irked from HTB! Pretty unique box since we are going to exploit a backdoor on IRC-client and also this box has some steganography (hurray?), so let's begin!

First off let's run nmap on target:

mkdir nmap
sudo nmap -sC -sV -oA nmap/ -T4 10.129.1.108

irked-nmap

There seems to be three ports open, let's start with 80 since it's http. irked-http

Just an image and some text about IRC. Nothing too interesting expect that there might be an irc server running on the server? Our initial nmap didn't find anything about that so let's run nmap again but this time with all ports!

sudo nmap -p- -T4 10.129.1.108

After running we find out that there's more ports open!

irked-nmap-all-ports

Port 6697 seems to have something to do with IRC but nmap didn't reveal anything too specific (irc-client name etc…) so let's run nmap one more time to enumerate these new ports!

sudo nmap -A -T4 -p6697,8067,58833,65534 10.129.1.108

It would be a good idea to login to irc server and checkout if there's some juicy info so let's do that! I had no IRC-client on my machine so I downloaded HexChat, but you can use the client you prefer. Let's check our the server, here is image of the network and config:

hexchat-irked

We got in! So it is a functioning IRC-server. That's about it, nothing to go on.