CyberSecLabs – Unattended

Hacking, http, metasploit, meterpreter, privilege escalation, vulnerability, Windows
Greetings everyone! Today, we'll be attacking a machine called Unattended on a platform called CyberSecLabs! So without further ado, let's jump right into it! As always, we'll start off with our trusty nmap scan! So we see a few ports open that we can start probing. We may as well start off by checking port 80 and see what we can find there! Let's plug the IP address into a web browser and see what we're greeted with. Under "Server Information", we see it displays HttpFileServer 2.3 (also noted in our nmap scan!). Let's click on it and see where it brings us. Interesting! Let's see if there are any vulnerabilities we can exploit pertaining to Rejetto. Time to fire up Metasploit! Perfect! We have our exploit selected! But let's…

TryHackMe – Pokemon

http, pokemon, privilege escalation, ssh, TryHackMe
Greetings everyone! In today's post, we'll be attacking another machine on the great platform TryHackMe. This machine is, you guessed it, Pokemon-themed! The description for this room mentions that there are actually four flags to find! Three of them are based off of Pokemon types (Grass, Water, Fire), and then there is a root flag to find. Well, it actually says "What is Root's favorite Pokemon?". I'm going to treat that as the root flag as I'm assuming that we'll need root-level access to find that out! Let's jump in to find out! As always, we'll begin with our trusted Nmap scan! Only two ports open, but one of them is port 80. Let's start enumerating that web server! The landing page is the default Apache2 page: While poking around…

Hack The Box – Mirai

hackthebox, http, privilege escalation, ssh
Greetings everyone! Sorry for the long delay, but I'm back with a hot new walkthrough of a Hack the Box machine; this one is called Mirai! For those of you not familiar with Mirai, it's a strain of malware that was responsible for a massive botnet that infected IoT (Internet of Things) devices, which in turn resulted in massive DDoS attacks. Knowing this information, we may be dealing with an IoT device on this box! Let's get started! Mirai is located at 10.10.10.48, so let's get the ball rolling with an nmap scan: Alright so the first thing that jumps out is that port 80 is open, so let's start enumerating it to see if we can pull some more information. We can use Nikto for this: Look at this! Right…

Hack The Box – Irked

hackthebox, http, metasploit, privilege escalation, ssh
Greetings everyone! In today's post, I'll be changing things up by attacking a system that can be found on a website called hackthebox.eu. I'm fairly new to this site, but essentially the premise is that you can connect to their servers via VPN, and attempt to hack the systems, by grabbing a user flag and a root flag, and uploading them to your profile! This system is called Irked, so let's get to it! After establishing a VPN connection to the HTB server, we can see that our IP is 10.10.14.16, and the machine called Irked is at 10.10.10.117. Knowing this information, we'll start things off with an nmap scan with the command nmap -A -T4 -p- 10.10.10.117. We see that port 80 is open, so of course we're going…

VulnHub – Droopy

http, metasploit, privilege escalation, vulnhub
Greetings everyone! In today's post, I'll be attacking a system called Droopy, which I downloaded off of Vulnhub.com. Let's get started! Once we have the vulnerable machine booted up, we'll need to find out what IP address it has. For me, the machine is located at 10.10.1.11. Knowing this, we'll now scan it with Nmap to discover what ports are open and what services are running. As we can see, we only have port 80 to work with. But hey, that's more than fine. Right away, you may notice that Nmap picks up that the website is running on Drupal, which set off some red flags immediately! Perhaps the site is vulnerable to the drupalgeddon exploit? For now, let's open up a web browser and head to the website. Poking…

VulnHub – Quaoar

http, metasploit, privilege escalation, ssh, vulnhub
Happy Friday! In today's post, I'll be exploiting another system downloaded from VulnHub! This one is called Quaoar, so let's not waste any time and jump into it! When Quaoar is booted up, we are shown its IP address. For me, it was located at 10.10.1.10. Alright, let's boot up our attacking system and scan the target with Nmap. We get a few options back here! One port that sticks out is port 80, which is of course used for http. Knowing this, let's open up a web browser and head over to 10.10.1.10. So we do see a website up and running! Doing a little bit of exploring around the website, we have an option to click on a link which states "Click here to know what you need…

VulnHub – Basic Pentesting 1 (alternative exploit)

http, metasploit, privilege escalation, VNC
In my last post, I was able to gain root access to the Basic Pentesting 1 virtual machine, downloaded from Vulnhub.com. In today's post, I'll be attempting to exploit the same machine in a different fashion! Let's have a quick reminder of our Nmap scan of the VM, in order to see what services are available. The http service is running! If we were to plug the address 10.10.1.12 into an address bar, we don't really see much. But this doesn't mean we should give up! Let's try brute forcing some directories with DirBuster. Here, I plugged the address of the VM into "target URL", and chose a simple dictionary list to brute force with. After letting DirBuster run for a bit, we start getting some results back: The directory called…