This room was designed by me. For every room that I write up, I will give a rating based on how CTFy it is and how close to real life it is.

I will also be outlining basic skills that you should be picking up out of the room.

Metrics Score
CTF 5/10
Realism 6/10

Lessons: Windows File Permissions, reuse of credentials, poorly configured permissions

Task #1

  1. We have to run an nmap scan on the box
    nmap IP -p- -sV -T 5


  1. We look at the above nmap scan and figure out which is the correct port for the webserver
  2. We look at the above nmap scan and figure out which is the correct port for the Remote Desktop Service
  3. We look through the website and look at robots.txt file


  1. Quick maths for this one.

  2. We can find this information on the main page of the webserver.


  1. This is an easy one. We just have to Google the verses; we are also provided with the name of the author in the first blog post.


  1. This one is a little bit about deduction. In the second article posted on the blog, a user has provided an email address. Noticing the pattern of that email, we can put together the email address of the administrator.


Task #2

  1. For the first flag, we need to inspect the element of the article we just viewed


  1. For this one we need to inspect the element of the search bar


  1. For this one, we need to go to Jane Doe's profile


  1. This flag is located in the first blog post

Task #3

  1. After a little bit of trial and error, or hopefully knowing that local users cannot log in to a Windows machine that is not on the domain with an email, the user should be able to log in to the box with the password that was discovered before.

  2. Once the user logs in, a file on the desktop contains the flag.

  3. This is a tricky one. There is a hidden folder on the root of C:\. The file had its permissions removed; however, the user has ownership over the file, so he has to give himself permissions to read it.
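
The misconfiguration behind this flag, seen from the administrator's side: removing every access entry from an item does not lock out its owner, who can still rewrite the permissions. The following audit script is an added example, not part of the room; the function name `Find-OwnerWithoutAccess` and the default path are assumptions chosen for illustration.

```powershell
# Added example, not part of the room. Function name and default root are
# assumptions chosen for illustration.
function Find-OwnerWithoutAccess {
    param(
        [string]$Root = 'C:\',
        [switch]$Recurse
    )
    $sidType = [System.Security.Principal.SecurityIdentifier]

    # -Force includes hidden and system items, like the hidden folder in this task.
    Get-ChildItem -LiteralPath $Root -Force -Recurse:$Recurse -ErrorAction SilentlyContinue |
        ForEach-Object {
            $path = $_.FullName
            try {
                $acl   = Get-Acl -LiteralPath $path -ErrorAction Stop
                $owner = $acl.GetOwner($sidType).Value
                $rules = @($acl.GetAccessRules($true, $true, $sidType))
            } catch {
                # Report items whose security descriptor cannot be read.
                [pscustomobject]@{ Path = $path; Owner = $null; Finding = 'ACL unreadable' }
                return
            }

            # Allow ACEs naming the owner directly. Limitation: access granted
            # through the owner's group memberships is not resolved here.
            $ownerAllow = @($rules | Where-Object {
                $_.IdentityReference.Value -eq $owner -and
                $_.AccessControlType -eq 'Allow'
            })
            # An ACE for OWNER RIGHTS (S-1-3-4) replaces the owner's implicit
            # rights to read and rewrite the DACL.
            $ownerRights = @($rules | Where-Object { $_.IdentityReference.Value -eq 'S-1-3-4' })

            if ($ownerAllow.Count -eq 0 -and $ownerRights.Count -eq 0) {
                [pscustomobject]@{
                    Path    = $path
                    Owner   = $owner
                    Finding = 'Owner has no Allow ACE but can still rewrite the DACL'
                }
            }
        }
}

# Example run against the root of the system drive only (no recursion).
Find-OwnerWithoutAccess -Root 'C:\' | Format-Table -AutoSize
```

Items it reports need either a change of owner or an OWNER RIGHTS entry before the stripped permissions actually restrict the owning account.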


  1. This one can be done in multiple ways:
    a. Remote Desktop to the box again with the Administrator credentials
    b. Run Command Prompt/PowerShell as a different user.


Hopefully now you have completed the room and learned a few lessons.