Posts

Showing posts with the label tryhackme-writeups

RootMe! -TryHackMe

RootMe
A ctf for beginners, can you root me?
Task 2
First, let’s get information about the target. Here is the nmap scan.

    # Nmap 7.91 scan initiated Mon Jun 7 14:53:05 2021 as: nmap -sC -sV -A -oN nmap/scan 10.10.88.87
    Nmap scan report for 10.10.88.87
    Host is up (0.22s latency).
    Not shown: 998 closed ports
    PORT STATE SERVICE VERSION
    22/tcp open ssh OpenSSH 7.6p1 Ubuntu 4ubuntu0.3 (Ubuntu Linux; protocol 2.0)
    | ssh-hostkey:
    | 2048 4a:b9:16:08:84:c2:54:48:ba:5c:fd:3f:22:5f:22:14 (RSA)
    | 256 a9:a6:86:e8:ec:96:c3:f0:03:cd:16:d5:49:73:d0:82 (ECDSA)
    |_ 256 22:f6:b5:a6:54:d9:78:7c:26:03:5a:95:f3:f9:df:cd (ED25519)
    80/tcp open http Apache httpd 2.4.29 ((Ubuntu))
    | http-cookie-flags:
    | /:
    | PHPSESSID:
    |_ httponly flag not set
    |_http-server-header: Apache/2.4.29 (Ubuntu)
    |_http-title: HackIT - Home
    Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
    Service detection performed. Please report any incorrect results at https://nmap

Cat Pictures - TryHackMe

Cat Pictures
I made a forum where you can post cute cat pictures!
Enumerations
Let’s run an nmap scan and see what we get.

    # Nmap 7.91 scan initiated Sat Jun 5 16:54:16 2021 as: nmap -sV -sC -oN nmap/scan 10.10.137.255
    Nmap scan report for 10.10.137.255
    Host is up (0.15s latency).
    Not shown: 998 closed ports
    PORT STATE SERVICE VERSION
    22/tcp open ssh OpenSSH 7.6p1 Ubuntu 4ubuntu0.3 (Ubuntu Linux; protocol 2.0)
    | ssh-hostkey:
    | 2048 37:43:64:80:d3:5a:74:62:81:b7:80:6b:1a:23:d8:4a (RSA)
    | 256 53:c6:82:ef:d2:77:33:ef:c1:3d:9c:15:13:54:0e:b2 (ECDSA)
    |_ 256 ba:97:c3:23:d4:f2:cc:08:2c:e1:2b:30:06:18:95:41 (ED25519)
    8080/tcp open ssl/http-proxy?
    Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
    Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
    # Nmap done at Sat Jun 5 16:55:55 2021 -- 1 IP address (1 host up) scanned in 98.59 seconds

Looks like we got a website. Let’s poke aroun

Simple CTF - TryHackMe

Simple CTF
Beginner level ctf
How many services are running under port 1000?
Let’s run the nmap scan to see what ports are open.

    # Nmap 7.91 scan initiated Sat Jun 5 17:31:14 2021 as: nmap -sV -sC -Pn -oN nmap/scan 10.10.225.250
    Nmap scan report for 10.10.225.250
    Host is up (0.22s latency).
    Not shown: 997 filtered ports
    PORT STATE SERVICE VERSION
    21/tcp open ftp vsftpd 3.0.3
    | ftp-anon: Anonymous FTP login allowed (FTP code 230)
    |_Can't get directory listing: TIMEOUT
    | ftp-syst:
    | STAT:
    | FTP server status:
    | Connected to ::ffff:10.9.2.48
    | Logged in as ftp
    | TYPE: ASCII
    | No session bandwidth limit
    | Session timeout in seconds is 300
    | Control connection is plain text
    | Data connections will be plain text
    | At session startup, client count was 1
    | vsFTPd 3.0.3 - secure, fast, stable
    |_End of status
    80/tcp open http Apache httpd 2.4.18 ((Ubuntu))
    | http-robots.txt: 2 disallowed entries

Basic Pentesting - TryHackMe !

Basic Pentesting
This is a machine that allows you to practise web app hacking and privilege escalation.
Find the services exposed by the machine
Let’s do some enumeration.

    # Nmap 7.91 scan initiated Wed Jun 2 18:19:48 2021 as: nmap -sV -sC -oN nmap/scan 10.10.163.160
    Nmap scan report for 10.10.163.160
    Host is up (0.16s latency).
    Not shown: 994 closed ports
    PORT STATE SERVICE VERSION
    22/tcp open ssh OpenSSH 7.2p2 Ubuntu 4ubuntu2.4 (Ubuntu Linux; protocol 2.0)
    | ssh-hostkey:
    | 2048 db:45:cb:be:4a:8b:71:f8:e9:31:42:ae:ff:f8:45:e4 (RSA)
    | 256 09:b9:b9:1c:e0:bf:0e:1c:6f:7f:fe:8e:5f:20:1b:ce (ECDSA)
    |_ 256 a5:68:2b:22:5f:98:4a:62:21:3d:a2:e2:c5:a9:f7:c2 (ED25519)
    80/tcp open http Apache httpd 2.4.18 ((Ubuntu))
    |_http-server-header: Apache/2.4.18 (Ubuntu)
    |_http-title: Site doesn't have a title (text/html).
    139/tcp open netbios-ssn Samba smbd 3.X - 4.X (workgroup: WORKGROUP)
    445/tcp open netbios-ssn Samba sm

Vulnversity - TryHackMe!

Enumerations
Nmap scan
The answers to Task 2 are all in this nmap scan.

    # Nmap 7.91 scan initiated Sun May 30 18:01:18 2021 as: nmap -sV -sC -oN nmap/vuln 10.10.205.62
    Nmap scan report for 10.10.205.62
    Host is up (0.22s latency).
    Not shown: 994 closed ports
    PORT STATE SERVICE VERSION
    21/tcp open ftp vsftpd 3.0.3
    22/tcp open ssh OpenSSH 7.2p2 Ubuntu 4ubuntu2.7 (Ubuntu Linux; protocol 2.0)
    | ssh-hostkey:
    | 2048 5a:4f:fc:b8:c8:76:1c:b5:85:1c:ac:b2:86:41:1c:5a (RSA)
    | 256 ac:9d:ec:44:61:0c:28:85:00:88:e9:68:e9:d0:cb:3d (ECDSA)
    |_ 256 30:50:cb:70:5a:86:57:22:cb:52:d9:36:34:dc:a5:58 (ED25519)
    139/tcp open netbios-ssn Samba smbd 3.X - 4.X (workgroup: WORKGROUP)
    445/tcp open netbios-ssn Samba smbd 4.3.11-Ubuntu (workgroup: WORKGROUP)
    3128/tcp open http-proxy Squid http proxy 3.5.12
    |_http-server-header: squid/3.5.12
    |_http-title: ERROR: The requested URL could not be retrieved
    3333/tcp open http Apache httpd 2.4.1

Pickle Rick - TryHackMe !

Enumeration
Nmap scan result

    # Nmap 7.91 scan initiated Thu May 27 08:23:53 2021 as: nmap -sV -sC -oN nmap/pickle_rick 10.10.11.26
    Nmap scan report for 10.10.11.26
    Host is up (0.19s latency).
    Not shown: 998 closed ports
    PORT STATE SERVICE VERSION
    22/tcp open ssh OpenSSH 7.2p2 Ubuntu 4ubuntu2.6 (Ubuntu Linux; protocol 2.0)
    | ssh-hostkey:
    | 2048 f7:72:fe:b9:a6:8a:40:99:46:b0:ff:34:50:7a:de:4e (RSA)
    | 256 0b:0e:f8:1e:d5:aa:89:96:d5:4a:96:de:bd:83:3a:b6 (ECDSA)
    |_ 256 c2:9a:86:0e:c8:d8:27:6d:c1:b5:40:99:ce:47:92:7a (ED25519)
    80/tcp open http Apache httpd 2.4.18 ((Ubuntu))
    |_http-server-header: Apache/2.4.18 (Ubuntu)
    |_http-title: Rick is sup4r cool
    Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
    Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
    # Nmap done at Thu May 27 08:24:37 2021 -- 1 IP address (1 host up) scanned in 43.28 seconds

Here we find that port 80 is open. When you go int

OWASP-Juice-shop - TryHackMe !

Task 1
When you browse to the IP, you can see the juice store.

Task 2
Question #1: What’s the Administrator’s email address?
Click an item in the juice shop and view the review.
admin@juice-sh.op

Question #2: What parameter is used for searching?
When you search for an item, you can get the parameter name after the question mark (http://10.10.163.117/#/search?q=apple).
q

Question #3: What show does Jim reference in his review?
His review was "Fresh out of a replicator." Search for this on Google and you can get the answer: what is the replicator?
star trek

Task 3
Question #1: Log into the administrator account!
In this case we need to get into the admin account, which is an easy injection. First, go to the login page and type this: ' or 1=1-- and set the password to whatever you like. Here we go, now you are in the admin account.

Task 4
Question #1: Bruteforce the Administrator account’s password!
They provide a guideline to do t