On Page 3, Linux File Transfer Methods, one the second exercise wants me to upload archive to the target machine, extract it there and get the hash (flag):
Upload the attached file named upload_nix.zip to the target using the method of your choice. Once uploaded, SSH to the box, extract the file, and run “hasher ” from the command line. Submit the generated hash as your answer.
I can’t find a way to do this, as there are no programs to extract the archive on the target machine. No unzip, no 7z etc.
Of course I can unzip it on my attacker machine but as the exercise clearly wants me to upload the zip and extract it on the target machine, isn’t this cheating? Can you please give advice on how to unzip it on target machine, when I don’t have permissions to install additional SW to unzip it? Thanks.
As you have solved the problem, would you be so kind to elaborate how you got the “upload_nix.zip” file transferred to the ParrotOS and the target instance initially?
It is downloadable on my local machine (not the PwnBox from which I have to upload it to the target).
From my lcoal machine, i try to use the following, without success. the ssh server on the target is running though:
scp upload_nix.zip usern_name_of_PwnBox@IP_of_PwnBox:~/
From here on, I would just transfer the zip file to the target. This seems a bit verbose, and I tried to upload the file to the target directly, from my local machine, and this fails as well.
if you still have problems uploading the file on the target machine then here is the solution ,i suggest you use your own vm and not the box on the cloud .when you download the zip file to your vm,unzip it and go into the directory where you saved the content and open a terminal from there and start the python3 -m http.server 8000 to server the contents of that directory .when you rdp into the target machine use wget to download the unzipped .txt file (wget ipaddress:8000/file.txt. if you have anyother problems reach out