CyberSecLabs – Unattended

Hacking, http, metasploit, meterpreter, privilege escalation, vulnerability, Windows
Greetings everyone! Today, we'll be attacking a machine called Unattended on a platform called CyberSecLabs! So without further ado, let's jump right into it! As always, we'll start off with our trusty nmap scan! So we see a few ports open that we can start probing. We may as well start off by checking port 80 and see what we can find there! Let's plug the IP address into a web browser and see what we're greeted with. Under "Server Information", we see it displays HttpFileServer 2.3 (also noted in our nmap scan!). Let's click on it and see where it brings us. Interesting! Let's see if there are any vulnerabilities we can exploit pertaining to Rejetto. Time to fire up Metasploit! Perfect! We have our exploit selected! But let's…

Hack The Box – Grandpa

hackthebox, metasploit, meterpreter, privilege escalation
Greetings everyone! We're back with another Hack The Box walkthrough; this one is called Grandpa. So without further ado, let's jump right into it! The machine Grandpa has the IP 10.10.10.14, so let's get started with an Nmap scan. As we can see by the results returned, we don't have a lot to go on. Port 80 is open and the web service running is Microsoft IIS httpd 6.0. Let's browse to 10.10.10.14 to see if we can find anything useful! Here we are greeted with the default "under construction" portal. I ran a couple of enumeration scripts for directory brute forcing, but nothing came up. So let's fire up Metasploit and search for IIS! After a bit of research and trial and error testing, the exploit we'll be using is…

Hack The Box – Lame

hackthebox, metasploit, meterpreter, smb
Greetings everyone! We're back with another HackTheBox machine to exploit. This one is called Lame! I'm sure there is nothing lame about this box. After all, we are still getting our hands dirty with some penetration testing action! Without further delay, let's dive into it! The machine Lame has an IP Address of 10.10.10.3. Let's start an Nmap scan to see what it has for open ports and running services! As we can see from the Nmap results, we have a few options to work with. Let's start with trying to find an exploit for vsftpd 2.3.4, as we know from an earlier blog post that this can be easily exploited with Metasploit. So let's fire it up! Now let's configure the exploit via the "show options" command, and enter the…

Hack The Box – Devel

ftp, hackthebox, metasploit, meterpreter, privilege escalation
Happy Saturday, everyone! In today's post, I'll be attacking another system from hackthebox.eu. This one is called Devel! Let's jump right into it! Devel's IP address is 10.10.10.5, so let's start off by scanning it with Nmap in order to see what ports are open and what services are running on it. We see that port 80 is open, so we can open up a web browser and type in 10.10.10.5 to see what we can find! Okay, so we see the default page for Internet Information Services server is running. I enumerated the site a bit more, but nothing of interest was returned. Returning to our Nmap scan, we can see that FTP is also running, and allows anonymous login! So let's log in! For anonymous login to work, we…

Hack The Box – Irked

hackthebox, http, metasploit, privilege escalation, ssh
Greetings everyone! In today's post, I'll be changing things up by attacking a system that can be found on a website called hackthebox.eu. I'm fairly new to this site, but essentially the premise is that you can connect to their servers via VPN, and attempt to hack the systems, by grabbing a user flag and a root flag, and uploading them to your profile! This system is called Irked, so let's get to it! After establishing a VPN connection to the HTB server, we can see that our IP is 10.10.14.16, and the machine called Irked is at 10.10.10.117. Knowing this information, we'll start things off with an nmap scan with the command nmap -A -T4 -p- 10.10.10.117. We see that port 80 is open, so of course we're going…

VulnHub – Droopy

http, metasploit, privilege escalation, vulnhub
Greetings everyone! In today's post, I'll be attacking a system called Droopy, which I downloaded off of Vulnhub.com. Let's get started! Once we have the vulnerable machine booted up, we'll need to find out what IP address it has. For me, the machine is located at 10.10.1.11. Knowing this, we'll now scan it with Nmap to discover what ports are open and what services are running. As we can see, we only have port 80 to work with. But hey, that's more than fine. Right away, you may notice that Nmap picks up that the website is running on Drupal, which set off some red flags immediately! Perhaps the site is vulnerable to the drupalgeddon exploit? For now, let's open up a web browser and head to the website. Poking…

VulnHub – Quaoar

http, metasploit, privilege escalation, ssh, vulnhub
Happy Friday! In today's post, I'll be exploiting another system downloaded from VulnHub! This one is called Quaoar, so let's not waste any time and jump into it! When Quaoar is booted up, we are shown its IP address. For me, it was located at 10.10.1.10. Alright, let's boot up our attacking system and scan the target with Nmap. We get a few options back here! One port that sticks out is port 80, which is of course used for http. Knowing this, let's open up a web browser and head over to 10.10.1.10. So we do see a website up and running! Doing a little bit of exploring around the website, we have an option to click on a link which states "Click here to know what you need…

VulnHub – Kioptrix Level 1

metasploit, remote access, searchsploit, smb, vulnhub
Greetings! I thought I would take a break from March Madness (go Duke!) to make a post about attacking another system downloaded from VulnHub. This one is called Kioptrix Level 1, so let's get started! I had some trouble getting Kioptrix to talk to my virtual network on VirtualBox, so I switched over to VMware. Let's boot up both our Kali system and the Kioptrix VM and see if we can find it on the network. We can run netdiscover on our attacking system to see what we have. There it is! Kioptrix is located at 192.168.64.159. Now let's scan it with nmap to see what services and ports are open. We have a few options here! The one that stands out to me is port 139, netbios-ssn. As…

VulnHub – Basic Pentesting 1 (alternative exploit)

http, metasploit, privilege escalation, VNC
In my last post, I was able to gain root access to the Basic Pentesting 1 virtual machine, downloaded from Vulnhub.com. In today's post, I'll be attempting to exploit the same machine in a different fashion! Let's have a quick reminder of our Nmap scan of the VM, in order to see what services are available. The http service is running! If we were to plug the address 10.10.1.12 into an address bar, we don't really see much. But this doesn't mean we should give up! Let's try brute forcing some directories with DirBuster. Here, I plugged the address of the VM into "target URL", and chose a simple dictionary list to brute force with. After letting DirBuster run for a bit, we start getting some results back: The directory called…

VulnHub – Basic Pentesting 1

ftp, metasploit, vulnhub
So I thought I'd change things up a bit from exploiting services in Metasploitable, and begin doing some vulnerable machines from VulnHub! The first one I'm going to be exploiting is called Basic Pentesting 1. It doesn't sound too difficult, so let's get started! Once both the vulnerable VM and our attacking system are booted up, we need to find the VM on our virtual network. Let's run netdiscover to see if we can find it. The VM has an address of 10.10.1.12. Perfect! Now let's scan it with Nmap. Hmm. ProFTPD is running on this system! Lucky for us, we just exploited this service in our Metasploitable box. However, we see that it has a different version number! Maybe Metasploit has an exploit for it? Let's check! The module…