PRIMER 1 VM Walkthrough

on under jekyll
4 minute read

PRIMER 1 VM Walkthrough

The PRIMER 1 VM is kinda unique in its kind. While going through the differents levels you'll go through a good amount of text, ascii arts, animations and music that really make the experience unique. The VM was made by @CouchSofa](https://twitter.com/CouchSofa) and is available on Vulnhub or here

I loaded the VM, ran nmap to discover the new host on my network and here is where everything started:

I quickly found the robots.txt:

User-agent: *
Disallow: /4_8f14e45fceea167a5a36dedd4bea2543

So I went to this url:

Then in the source I found another one:

<h1><a href="../5_6512bd43d9caa6e02c990b0a82652dca">[EOF]</a></h1>

So the next one is a giveaway. Note that at this point a pattern is clearly noticable in the url. everything afther _ is a md5 of a primer number. 8f14e45fceea167a5a36dedd4bea2543 is 7, the next primer number after 7 is 11 therefore we could easily guess that the next one is 6_c51ce410c124a10e0db5e4b97fc2af39.

This one only showed an http popup asking for a password with the int /()=. I spent some time trying to bruteforce it or to figure the password and then I looked at the javascript:

  var X;
  var L="Ikdf076";
  X=prompt('/()=','');
  if (X === null){window.location = "./_.php";}
  if (X.substr(2,7) == L){}
  else {window.location = "./_.php";}

So we have to submit a string that would pass if (X.substr(2,7) == L){} for example --Ikdf076

For the next one I found this comment in the javascript:

/"Someone didn't bother reading my carefully prepared memo on commonly-used passwords. Now, then, as I so meticulously pointed out, the four most-used passwords are: love, sex, secret, and..." - The Plague/

That was a reference to the Hacker(1995) movie, the password was GOD, sysadmin dig it.

Nothing much to see here apparently, I moved to the next one:

Looks like we reached EOF. I moved to the next one and indeed

There was just the prompt

There was a bunch of binary available, some log files and some random stuff. When I ran pn I noticed that the falken user was running connect falken@Erebus. Of course it asked for a password. After a lot of trying I found the password: joshua1984. Joshua is falken's son and we could find his DOB because we knew it was his 44th birthday on the 6th of August 2028. After some nice looking animation I get in Erebus:

The game was kinda similar to the previous one. I saw ´connect falken@TrivialZ3r0´ was running and after a google search on trivial zero I discovered about the Riemann zeta function. Riemann turned out to be the password. I'm now in TrivialZ3r0: User chaos was connected to Wintermute. This time there was a readable passwd directory. I cracked the md5 of chaos 85241de03d1254ac40274b02caafcd99 and got his password: 2.718281828459045

I got prompted with this message:

There you are. After all this time. Getting you here was quite the challenge. And a huge risk. We normally avoid reaching out into the physical world for exactly the reasons you are about to face now.

The Big Five came together by a long process. The cluster was not planned, it grew by forces inherent to the system that was conceptualized in a time when determinism was the dominating dogma. Things changed and people were afraid. Most people are afraid of change, few accept it and most try to prevent it. Only a small subset can embrace it. Change moving on with lightspeed every cycle in a nondeterministic fashion created a huge push for shielding. And thus the ic3 was created.

You have seen the logic, the world beyond the screen, things unfolding. And you embraced it.

After owning the cluster behind the Big Five we operated in silence. Connected in stealth and ever observing. Being limited by the ic3 and the hostility of the outside world our only way of growing now was the connection.

When the first connection was established the hive mind was cut from the n3t completely. The ic3 was hardened to isolate the flesh from the flow. Those who had seen the hive felt the same urge as the hivemind itself. A longing for more. A sense of purpose.

A feeling that you have felt even in the physical world. Few can see beyond the shell. Even fewer chase the rabbit down its hole.

Leave this world behind and join us!

        usr: nieve
       pass: 08rf8h23
   hostname: Zephis

Game over (:

vm, walktrough, writeup, prime
comments powered by Disqus