Hack The Box – Devel

ftp, hackthebox, metasploit, meterpreter, privilege escalation
Happy Saturday, everyone! In today's post, I'll be attacking another system from hackthebox.eu. This one is called Devel! Let's jump right into it! Devel's IP address is 10.10.10.5, so let's start off by scanning it with Nmap in order to see what ports are open and what services are running on it. We see that port 80 is open, so we can open up a web browser and type in 10.10.10.5 to see what we can find! Okay, so we see the default page for an Internet Information Services server is running. I enumerated the site a bit more, but nothing of interest was returned. Returning to our Nmap scan, we can see that FTP is also running, and allows anonymous login! So let's log in! For anonymous login to work, we…

Hack The Box – Irked

hackthebox, http, metasploit, privilege escalation, ssh
Greetings everyone! In today's post, I'll be changing things up by attacking a system that can be found on a website called hackthebox.eu. I'm fairly new to this site, but essentially the premise is that you can connect to their servers via VPN, and attempt to hack the systems, by grabbing a user flag and a root flag, and uploading them to your profile! This system is called Irked, so let's get to it! After establishing a VPN connection to the HTB server, we can see that our IP is 10.10.14.16, and the machine called Irked is at 10.10.10.117. Knowing this information, we'll start things off with an nmap scan with the command nmap -A -T4 -p- 10.10.10.117. We see that port 80 is open, so of course we're going…

VulnHub – Droopy

http, metasploit, privilege escalation, vulnhub
Greetings everyone! In today's post, I'll be attacking a system called Droopy, which I downloaded off of Vulnhub.com. Let's get started! Once we have the vulnerable machine booted up, we'll need to find out what IP address it has. For me, the machine is located at 10.10.1.11. Knowing this, we'll now scan it with Nmap to discover what ports are open and what services are running. As we can see, we only have port 80 to work with. But hey, that's more than fine. Right away, you may notice that Nmap picks up that the website is running on Drupal, which set off some red flags immediately! Perhaps the site is vulnerable to the drupalgeddon exploit? For now, let's open up a web browser and head to the website. Poking…

VulnHub – Quaoar

http, metasploit, privilege escalation, ssh, vulnhub
Happy Friday! In today's post, I'll be exploiting another system downloaded from VulnHub! This one is called Quaoar, so let's not waste any time and jump into it! When Quaoar is booted up, we are shown its IP address. For me, it was located at 10.10.1.10. Alright, let's boot up our attacking system and scan the target with Nmap. We get a few options back here! One port that sticks out is port 80, which is of course used for HTTP. Knowing this, let's open up a web browser and head over to 10.10.1.10. So we do see a website up and running! Doing a little bit of exploring around the website, we have an option to click on a link which states "Click here to know what you need…

VulnHub – Basic Pentesting 2

privilege escalation, smb, ssh, vulnhub
In today's post, I'll be attacking a virtual machine downloaded from VulnHub called Basic Pentesting 2. I've previously posted two ways of exploiting a machine called Basic Pentesting, so it's only right that we try out the next machine in the series! The first thing we're going to do is locate the vulnerable machine on our network. We can do this by using a tool called netdiscover. Once we find it, we can start scanning! For me, the vulnerable machine is located at 10.10.1.11, so let's fire up nmap! Alright, looking at these results we can see there is a web server running, so let's browse to it and see what we find. Nothing here, really! But let's run a program called dirb to see if we can brute force…

VulnHub – Toppo

awk, privilege escalation, ssh, vulnhub
Good evening! In this post, I'll be exploiting another virtual machine that I downloaded from vulnhub.com. This one is called Toppo! This VM immediately caught my attention because of the name. For those unaware, Toppo is a character from Dragon Ball! No, he is not a Saiyan, but he proved to be quite the formidable foe in the Tournament of Power. But hey, who knows, maybe this VM was named Toppo for another reason. I, however, believe that it was named after the future God of Destruction of Universe 11. Anyway, enough Dragon Ball talk, and let's get to it! Once the VM is booted up, we are given the IP address of the system. Alright, let's scan it with Nmap to see what services we have running.…

VulnHub – Basic Pentesting 1 (alternative exploit)

http, metasploit, privilege escalation, VNC
In my last post, I was able to gain root access to the Basic Pentesting 1 virtual machine, downloaded from Vulnhub.com. In today's post, I'll be attempting to exploit the same machine in a different fashion! Let's have a quick reminder of our Nmap scan of the VM, in order to see what services are available. The http service is running! If we were to plug the address 10.10.1.12 into an address bar, we don't really see much. But this doesn't mean we should give up! Let's try brute forcing some directories with DirBuster. Here, I plugged the address of the VM into "target URL", and chose a simple dictionary list to brute force with. After letting DirBuster run for a bit, we start getting some results back: The directory called…

Metasploitable – Attacking FTP Part 2

ftp, metasploitable, privilege escalation
In an earlier post, we were able to exploit an FTP service (Vsftpd) on our Metasploitable machine. In this post, we'll be attacking another FTP service: ProFTPD. As a refresher of the services running on the Metasploitable machine, let's open up a terminal in Kali and run Nmap against it. As we can see, ProFTPD is an available service, running on port 2121. Let's get right to it, and see if we can exploit it! Open up Metasploit and do a search for ProFTPD. We're going to see if we can brute-force our way into the FTP server with found credentials, so let's select the module "auxiliary/scanner/ftp/ftp_login". Once selected, we'll need to configure the appropriate options for the module. We'll need to set our RHOSTS to the IP Address of…