admin, Author at Saiyan Pentesting

07Nov 2019 by admin

Hack The Box – Grandpa

hackthebox, metasploit, meterpreter, privilege escalation

Greetings everyone! We're back with another Hack The Box walkthrough; this one is called Grandpa. So without further ado, let's jump right into it!The machine Grandpa has the IP 10.10.10.14, so let's get started with an Nmap scan. As we can see by the results returned, we don't have a lot to go on. Port 80 is open and the web service running is Microsoft IIS httpd 6.0. Let's browse to 10.10.10.14 to see if we can find anything useful! Here we are greeted with the default "under construction" portal. I ran a couple of enumeration scripts for directory brute forcing, but nothing came up. So let's fire up Metasploit and search for IIS! After a bit of research and trial and error testing, the exploit we'll be using is…

12Sep 2019 by admin

Hack The Box – Lame

hackthebox, metasploit, meterpreter, smb

Greetings everyone! We're back with another HackTheBox machine to exploit. This one is called Lame! I'm sure there is nothing lame about this box. After all; we are still getting our hands dirty with some penetration testing action! Without further delay, let's dive into it!The machine Lame has an IP Address of 10.10.10.3. Let's start an Nmap scan to see what it has for open ports and running services! As we can see from the Nmap results, we have a few options to work with. Let's start with trying to find an exploit for vsftpd 2.3.4, as we know from an earlier blog post that this can be easily exploited with Metasploit. So let's fire it up! Now let's configure the exploit via the "show options" command, and enter the…

08Jul 2019 by admin

Hack The Box – Mirai

hackthebox, http, privilege escalation, ssh

Greetings everyone! Sorry for the long delay, but I'm back with a hot new walkthrough of a Hack the Box machine; this one is called Mirai! For those of you not familiar with Mirai, it's a strain of malware that was responsible for a massive botnet that infected IoT (Internet of Things) devices, which in turn resulted in massive DDoS attacks. Knowing this information, we may be dealing with an IoT device on this box! Let's get started!Mirai is located at 10.10.10.48, so let's get the ball rolling with an nmap scan: Alright so the first thing that jumps out is that port 80 is open, so let's start enumerating it to see if we can pull some more information. We can use Nikto for this: Look at this! Right…

11May 2019 by admin

Hack The Box – Devel

ftp, hackthebox, metasploit, meterpreter, privilege escalation

Happy Saturday, everyone! In today's post, I'll be attacking another system from hackthebox.eu. This one is called Devel! Let's jump right into it! Devel's IP address is 10.10.10.5, so let's start off by scanning it with Nmap in order to see what ports are open and what services are running on it. We see that port 80 is open, so we can open up a web browser and type in 10.10.10.5 to see what we can find! Okay, so we see the default page for Internet Information Services server is running. I enumerated the site a bit more, but nothing of interest was returned. Returning to our Nmap scan, we can see that FTP is also running, and allows anonymous login! So let's login! For anonymous login to work, we…

01May 2019 by admin

Hack The Box – Irked

hackthebox, http, metasploit, privilege escalation, ssh

Greetings everyone! In today's post, I'll be changing things up by attacking a system that can be found on a website called hackthebox.eu. I'm fairly new to this site, but essentially the premise is that you can connect to their servers via VPN, and attempt to hack the systems, by grabbing a user flag and a root flag, and uploading them to your profile! This system is called Irked, so let's get to it! After establishing a VPN connection to the HTB server, we can see that our IP is 10.10.14.16, and the machine called Irked is at 10.10.10.117. Knowing this information, we'll start things off with an nmap scan with the command nmap -A -T4 -p- 10.10.10.117. We see that port 80 is open, so of course we're going…

08Apr 2019 by admin

VulnHub – Droopy

http, metasploit, privilege escalation, vulnhub

Greetings everyone! In today's post, I'll be attacking a system called Droopy, which I downloaded off of Vulnhub.com. Let's get started! Once we have the vulnerable machine booted up, we'll need to find out what IP address it has. For me, the machine is located at 10.10.1.11. Knowing this, we'll now scan it with Nmap to discover what ports are open and what services are running. As we can see, we only have port 80 to work with. But hey, that's more than fine. Right away, you may notice that Nmap picks up that the website is running on Drupal, which set off some red flags immediately! Perhaps the site is vulnerable to the drupalgeddon exploit? For now, let's open up a web browser and head to the website. Poking…

29Mar 2019 by admin

VulnHub – Quaoar

http, metasploit, privilege escalation, ssh, vulnhub

Happy Friday! In today's post, I'll be exploiting another system downloaded from VulnHub! This one is called Quaoar, so let's not waste any time and jump into it! When Quaoar is booted up, we are shown it's IP address. For me, it was located at 10.10.1.10. Alright, let's boot up our attacking system and scan the target with Nmap. We get a few options back here! One port that sticks out is port 80, which is of course used for http. Knowing this, let's open up a web browser and head over to 10.10.1.10. So we do see a website up and running! Doing a little bit of exploring around the website, we have an option to click on a link which states "Click here to know what you need…

24Mar 2019 by admin

VulnHub – Basic Pentesting 2

privilege escalation, smb, ssh, vulnhub

In today's post, I'll be attacking a virtual machine downloaded from VulnHub called Basic Pentesting 2. I've previously posted two ways of exploiting a machine called Basic Pentesting, so it's only right that we try out the next machine in the series! The first thing we're going to do is locate the vulnerable machine on our network. We can do this by using a tool called netdiscover. Once we find it, we can start scanning! For me, the vulnerable machine is located at 10.10.1.11, so let's fire up nmap! Alright, looking at these results we can see there is a web server running, so let's browse to it and see what we find. Nothing here, really! But let's run a program called dirb to see if we can brute force…

23Mar 2019 by admin

VulnHub – Kioptrix Level 1

metasploit, remote access, searchsploit, smb, vulnhub

Greetings! I thought I would take to a break from March Madness (go Duke!) to make a post about attacking another system downloaded from VulnHub. This one is called Kioptrix Level 1, so let's get started! I had some trouble getting Kioptrix to talk to my virtual network on VirtualBox, so I switched over to VMWare. Let's boot up both our Kali system and the Kioptrix VM and see if we can find it on the network. We can run netdiscover on our attacking system to see what we have. There it is! Kioptrix is located at 192.168.64.159. Now let's scan it with nmap to see what services and ports are open. We have a few options here! The one that stands out to me is port 139, netbios-ssn. As…

16Mar 2019 by admin

VulnHub – Toppo

awk, privilege escalation, ssh, vulnhub

Good evening! In this post, I'll be exploiting another virtual machine that I downloaded from vulnhub.com. This one is called Toppo! This VM immediately caught my attention because of the name. For those unaware, Toppo is a character from Dragon Ball! No he is not a saiyan, but he proved to be quite the formidable foe in the Tournament of Power. But hey, who knows, maybe this VM was named Toppo for another reason. I, however, believe to think that it was named after the future God of Destruction of Universe 11. Anyway, enough Dragon Ball talk, and let's get to it! Once the VM is booted up, we are given the IP address of the system. Alright, let's scan it with Nmap to see what services we have running.…

Author: admin