Posts

Backdoor - HackTheBox

Welcome to another CTF challenge from HackTheBox.

What we can learn from the machine:
- Linux enumeration
- Directory traversal
- Exploiting unprotected screen session

Let's start with an nmap scan.

Nmap Scan Result

    ┌──(defalt@kali)-[~]
    └─$ nmap -sC -sV -p- -Pn -A 10.10.11.125
    Starting Nmap 7.92 ( https://nmap.org ) at 2022-04-20 17:32 PDT
    Nmap scan report for 10.10.11.125
    Host is up (0.051s latency).
    Not shown: 65532 closed tcp ports (conn-refused)
    PORT   STATE SERVICE VERSION
    22/tcp open  ssh     OpenSSH 8.2p1 Ubuntu 4ubuntu0.3 (Ubuntu Linux; protocol 2.0)
    | ssh-hostkey:
    |   3072 b4:de:43:38:46:57:db:4c:21:3b:69:f3:db:3c:62:88 (RSA)
    |   256 aa:c9:fc:21:0f:3e:f4:ec:6b:35:70:26:22:53:ef:66 (ECDSA)
    |_  256 d2:8b:e4:ec:07:61:aa:ca:f8:ec:1c:f8:8c:c1:f6:e1 (ED25519)
    80/tcp open  http    Apache httpd 2.4.41 ((Ubuntu))
    |_http-server-header: Apache/2.4.41 (Ubuntu)
    |_http-generator: WordPress 5.8.1
    |_http-title: Backdoor

Tech_Supp0rt: 1 - TryHackMe

Welcome to another CTF writeup!! Tech_support:1 by vikaran.

What we can learn from this machine:
- nmap scan, smbmap etc. (enumeration skills)
- Subrion CMS 4.2.1 RCE
- iconv sudo permission to overwrite files and read files

Let's start with enumeration. First, nmap to see what ports are open on the box.

Nmap scan

    ┌──(defalt@kali)-[~/Documents/tryhackme/Tech_Supp0rt:1]
    └─$ nmap -sC -sV 10.10.168.200
    Starting Nmap 7.92 ( https://nmap.org ) at 2022-04-15 21:29 PDT
    Nmap scan report for 10.10.168.20
    Host is up (0.37s latency).
    Not shown: 996 closed tcp ports (conn-refused)
    PORT   STATE SERVICE VERSION
    22/tcp open  ssh     OpenSSH 7.2p2 Ubuntu 4ubuntu2.10 (Ubuntu Linux; protocol 2.0)
    | ssh-hostkey:
    |   2048 10:8a:f5:72:d7:f9:7e:14:a5:c5:4f:9e:97:8b:3d:58 (RSA)
    |   256 7f:10:f5:57:41:3c:71:db:b5:5b:db:75:c9:76:30:5c (ECDSA)
    |_  256 6b:4c:23:50:6f:36:00:7c:a6:7c:11:73:c1:a8:60:0c (ED25519)
    80/tcp open  http    Apache ht

HackTheBox - Starting point (Tier 0)

This blog post covers all the free Tier 0 machines from HackTheBox Starting Point: Meow, Fawn and Dancing. First of all, you need to download the OpenVPN file for Starting Point.

Meow - Linux

Task 1: What does the acronym VM stand for?
Virtual machine

Task 2: What tool do we use to interact with the operating system in order to start our VPN connection?
Terminal

Task 3: What service do we use to form our VPN connection?
Openvpn

Task 4: What is the abbreviated name for a tunnel interface in the output of your VPN boot-up sequence output?
Tun

Task 5: What tool do we use to test our connection to the target?
Ping

Task 6: What is the name of the tool we use to scan the target's ports?
Nmap

Task 7: What service do we identify on port 23/tcp during our scans?
Telnet

    ┌──(defalt@kali)-[~/Documents/htb/starting point /tier 0]
    └─$ nmap -sC -sV 10.129.244.123
    Starting Nmap 7.92 ( https://nmap.org ) at 2022-04-08 00:32 PDT
    Nmap

Paper - HackTheBox (coming soon)

Using nmap, scan this machine. What ports are open?

    ┌──(defalt@kali)-[~/Documents/htb/paper]
    └─$ nmap -sC -sV -o nmap 10.10.11.143
    Starting Nmap 7.92 ( https://nmap.org ) at 2022-04-10 02:46 PDT
    Nmap scan report for 10.10.11.143
    Host is up (0.15s latency).
    Not shown: 997 closed tcp ports (conn-refused)
    PORT   STATE SERVICE VERSION
    22/tcp open  ssh     OpenSSH 8.0 (protocol 2.0)
    | ssh-hostkey:
    |   2048 10:05:ea:50:56:a6:00:cb:1c:9c:93:df:5f:83:e0:64 (RSA)
    |   256 58:8c:82:1c:c6:63:2a:83:87:5c:2f:2b:4f:4d:c3:79 (ECDSA)
    |_  256 31:78:af:d1:3b:c4:2e:9d:60:4e:eb:5d:03:ec:a0:22 (ED25519)
    80/tcp open  http    Apache httpd 2.4.37 ((centos) OpenSSL/1.1.1k mod_fcgid/2.3.9)
    |_http-title: HTTP Server Test Page powered by CentOS
    | http-methods:
    |_  Potentially risky methods: TRACE
    |_http-generator: HTML Tidy for HTML5 for Linux version 5.7.28
    |_http-server-header: Apache/2.4.37 (centos) OpenSSL/1.1.1k mod_fcgid/2.3.9
    443

Brooklyn Nine Nine - TryHackMe

What can we learn from this machine?
- FTP
- stegcracker
- GTFObins (less sudo allowed no-password)

In this box I'm using two methods to log in to our user. Let's enumerate the machine.

Ok then!! Let's run our nmap.

    # Nmap 7.91 scan initiated Tue Jul 13 09:37:54 2021 as: nmap -sC -sV -A -oN nmap 10.10.34.147
    Nmap scan report for 10.10.34.147
    Host is up (0.18s latency).
    Not shown: 997 closed ports
    PORT   STATE SERVICE VERSION
    21/tcp open  ftp     vsftpd 3.0.3
    | ftp-anon: Anonymous FTP login allowed (FTP code 230)
    |_-rw-r--r--    1 0        0             119 May 17  2020 note_to_jake.txt
    | ftp-syst:
    |   STAT:
    | FTP server status:
    |      Connected to ::ffff:10.9.4.19
    |      Logged in as ftp
    |      TYPE: ASCII
    |      No session bandwidth limit
    |      Session timeout in seconds is 300
    |      Control connection is plain text
    |      Data connections will be plain text
    |      At session startup, client count was 2
    |      vsFTPd 3.0.3 - secure, fast, stable
    |_End o