Skip to content

Instantly share code, notes, and snippets.

@pich4ya

pich4ya/lookingglass_ssh.txt

Created March 17, 2023 15:34
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save pich4ya/b9707813f6f8ea0deccc9e8f09e33cf0 to your computer and use it in GitHub Desktop.
Save pich4ya/b9707813f6f8ea0deccc9e8f09e33cf0 to your computer and use it in GitHub Desktop.
Download ZIP
TryHackMe "Looking Glass" - Find the right port with binary search
Raw
lookingglass_ssh.txt
#!/bin/zsh
# @author Pichaya Morimoto (p.morimoto@sth.sh)
# https://tryhackme.com/room/lookingglass
# 10.10.169.23
function ssh_connect {
ssh root@10.10.169.23 -p $1 2>/dev/null | grep -q 'Higher' && echo "Higher" && exit 0
echo "Lower"
}
function binary_search_ssh {
start=$1
end=$2
echo "start ${start}, end ${end}"
while [ $start -le $end ]; do
mid=$(( ($start + $end) / 2 ))
echo "try ${mid}"
response=$(ssh_connect $mid)
if [ "$response" == "Higher" ]; then
echo "Higher"
end=$(( $mid - 1 ))
elif [ "$response" == "Lower" ]; then
echo "Lower"
start=$(( $mid + 1 ))
else
echo "Error: $mid"
exit 1
fi
done
echo "Could not find SSH service in the specified port range."
}
binary_search_ssh 9000 14000
# $ bash lookingglass.sh
# start 9000, end 14000
# try 11500
# Higher
# try 10249
# Lower
# try 10874
# Higher
# try 10561
# Higher
# try 10405
# Higher
# try 10327
# Lower
# try 10366
# Lower
# try 10385
# Lower
# try 10395
# Higher
# try 10390
# Higher
# try 10387
# Lower
# try 10388
# Lower
# try 10389
# $ ssh root@10.10.169.23 -p 10389
# You've found the real service.
# Solve the challenge to get access to the box
# Jabberwocky
# 'Mdes mgplmmz, cvs alv lsmtsn aowil
# Fqs ncix hrd rxtbmi bp bwl arul;
# Elw bpmtc pgzt alv uvvordcet,
# Egf bwl qffl vaewz ovxztiql.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment