Posts

Showing posts with the label HackTheBox-writeups

Backdoor - HackTheBox

Welcome to another CTF challenge from HackTheBox. What we can learn from the machine: Linux enumeration, directory traversal, and exploiting an unprotected screen session. Let’s start with an nmap scan.

Nmap Scan Result

┌──(defalt@kali)-[~]
└─$ nmap -sC -sV -p- -Pn -A 10.10.11.125
Starting Nmap 7.92 ( https://nmap.org ) at 2022-04-20 17:32 PDT
Nmap scan report for 10.10.11.125
Host is up (0.051s latency).
Not shown: 65532 closed tcp ports (conn-refused)
PORT   STATE SERVICE VERSION
22/tcp open  ssh     OpenSSH 8.2p1 Ubuntu 4ubuntu0.3 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey:
|   3072 b4:de:43:38:46:57:db:4c:21:3b:69:f3:db:3c:62:88 (RSA)
|   256 aa:c9:fc:21:0f:3e:f4:ec:6b:35:70:26:22:53:ef:66 (ECDSA)
|_  256 d2:8b:e4:ec:07:61:aa:ca:f8:ec:1c:f8:8c:c1:f6:e1 (ED25519)
80/tcp open  http    Apache httpd 2.4.41 ((Ubuntu))
|_http-server-header: Apache/2.4.41 (Ubuntu)
|_http-generator: WordPress 5.8.1
|_http-title: Backdoor

HackTheBox - Starting point (Tier 0)

This blog post covers all the free Tier 0 HackTheBox Starting Point machines: Meow, Fawn and Dancing. First of all, you need to download the OpenVPN file for Starting Point.

Meow - Linux

Task 1: What does the acronym VM stand for?
Virtual machine

Task 2: What tool do we use to interact with the operating system in order to start our VPN connection?
Terminal

Task 3: What service do we use to form our VPN connection?
Openvpn

Task 4: What is the abbreviated name for a tunnel interface in the output of your VPN boot-up sequence output?
Tun

Task 5: What tool do we use to test our connection to the target?
Ping

Task 6: What is the name of the tool we use to scan the target’s ports?
Nmap

Task 7: What service do we identify on port 23/tcp during our scans?
Telnet

┌──(defalt@kali)-[~/Documents/htb/starting point/tier 0]
└─$ nmap -sC -sV 10.129.244.123
Starting Nmap 7.92 ( https://nmap.org ) at 2022-04-08 00:32 PDT
Nmap

Paper - HackTheBox (coming soon)

Using nmap, scan this machine. What ports are open?

┌──(defalt@kali)-[~/Documents/htb/paper]
└─$ nmap -sC -sV -o nmap 10.10.11.143
Starting Nmap 7.92 ( https://nmap.org ) at 2022-04-10 02:46 PDT
Nmap scan report for 10.10.11.143
Host is up (0.15s latency).
Not shown: 997 closed tcp ports (conn-refused)
PORT   STATE SERVICE VERSION
22/tcp open  ssh     OpenSSH 8.0 (protocol 2.0)
| ssh-hostkey:
|   2048 10:05:ea:50:56:a6:00:cb:1c:9c:93:df:5f:83:e0:64 (RSA)
|   256 58:8c:82:1c:c6:63:2a:83:87:5c:2f:2b:4f:4d:c3:79 (ECDSA)
|_  256 31:78:af:d1:3b:c4:2e:9d:60:4e:eb:5d:03:ec:a0:22 (ED25519)
80/tcp open  http    Apache httpd 2.4.37 ((centos) OpenSSL/1.1.1k mod_fcgid/2.3.9)
|_http-title: HTTP Server Test Page powered by CentOS
| http-methods:
|_  Potentially risky methods: TRACE
|_http-generator: HTML Tidy for HTML5 for Linux version 5.7.28
|_http-server-header: Apache/2.4.37 (centos) OpenSSL/1.1.1k mod_fcgid/2.3.9
443

Cap - HackTheBox

What we can learn from this machine: enumeration, Python3 capabilities, and Wireshark. Always start with an nmap scan. Let’s see what we have on the machine.

# Nmap 7.91 scan initiated Thu Jun 10 11:37:56 2021 as: nmap -sC -sV -oN Scans/nmap-output 10.10.10.245
Nmap scan report for 10.10.10.245
Host is up (0.15s latency).
Not shown: 997 closed ports
PORT   STATE SERVICE VERSION
21/tcp open  ftp     vsftpd 3.0.3
22/tcp open  ssh     OpenSSH 8.2p1 Ubuntu 4ubuntu0.2 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey:
|   3072 fa:80:a9:b2:ca:3b:88:69:a4:28:9e:39:0d:27:d5:75 (RSA)
|   256 96:d8:f8:e3:e8:f7:71:36:c5:49:d5:9d:b6:a4:c9:0c (ECDSA)
|_  256 3f:d0:ff:91:eb:3b:f6:e1:9f:2e:8d:de:b3:de:b2:18 (ED25519)
80/tcp open  http    gunicorn
| fingerprint-strings:
|   FourOhFourRequest:
|     HTTP/1.0 404 NOT FOUND
|     Server: gunicorn
|     Date: Thu, 10 Jun 2021 06:20:18 GMT
|     Connection: close
|     Content-Type: text/html; charset=utf-8
|     Content-Length: 232
|     &l

Spectra - HackTheBox

What we can learn from this machine: enumeration, WordPress, MySQL, and Metasploit. Let’s start with an nmap scan to see what we have on this machine.

# Nmap 7.91 scan initiated Wed Jun 9 07:17:42 2021 as: nmap -sC -sV -A -oN scans/nmap-output 10.10.10.229
Nmap scan report for 10.10.10.229
Host is up (0.15s latency).
Not shown: 996 closed ports
PORT     STATE SERVICE VERSION
22/tcp   open  ssh     OpenSSH 8.1 (protocol 2.0)
| ssh-hostkey:
|_  4096 52:47:de:5c:37:4f:29:0e:8e:1d:88:6e:f9:23:4d:5a (RSA)
80/tcp   open  http    nginx 1.17.4
|_http-server-header: nginx/1.17.4
|_http-title: Site doesn't have a title (text/html).
3306/tcp open  mysql   MySQL (unauthorized)
|_ssl-cert: ERROR: Script execution failed (use -d to debug)
|_ssl-date: ERROR: Script execution failed (use -d to debug)
|_sslv2: ERROR: Script execution failed (use -d to debug)
|_tls-alpn: ERROR: Script execution failed (use -d to debug)
|_tls-nextprotoneg