Posts

TryHackme: Blue Walkthrough

Task 1: Recon

After we have connected to the TryHackMe network, the first task is to enumerate the target. We use Nmap to scan the target IP.

Command used: nmap -sS -Pn <target-ip>

-sS : TCP SYN scan
-Pn : Treat all hosts as online; skip host discovery

Next we run Nmap's vulnerability scripts against the target machine.

Command used: nmap --script vuln <target-ip>

--script : Choose the NSE scripts to run, by category, script file name, or directory of scripts.
vuln : Scripts in this category check for known vulnerabilities and generally only report results when a vulnerability is found.

Below, we see that Nmap indicates the target may be vulnerable to MS17-010 (on the left), and we can verify this using Metasploit. To start Metasploit, use the command "msfconsole". We start by simply searching for ms17-010. Here we use module 2, i.e. exploit/windows
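A vuln-category scan against more than one host quickly becomes a wall of NSE output, so the useful habit is to save it with -oX and pull out only the findings whose state is VULNERABLE. The following is an added example, not code from the walkthrough: it parses a constructed XML excerpt in the shape Nmap's vulns library emits (a script element with one table per finding and an elem keyed "state") and returns the flagged findings. The host address, port and script results in the sample are made up; an NSE "VULNERABLE" verdict is still only a version or protocol check, which is why the walkthrough goes on to confirm it in Metasploit.

```python
"""Triage `nmap --script vuln -oX out.xml` output: which hosts were flagged VULNERABLE.

Added example, not from the original walkthrough. SAMPLE_XML is a constructed
excerpt in the shape of Nmap's vulns-library output; replace it with the
contents of a real -oX file.
"""
import xml.etree.ElementTree as ET

# Constructed sample: one host, MS17-010 flagged VULNERABLE by a host script,
# plus one port-level script that ran but found nothing (output="false").
SAMPLE_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap">
  <host>
    <address addr="10.10.10.40" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="445">
        <state state="open"/>
        <service name="microsoft-ds"/>
        <script id="smb-vuln-ms10-054" output="false"/>
      </port>
    </ports>
    <hostscript>
      <script id="smb-vuln-ms17-010" output="VULNERABLE: Remote Code Execution vulnerability in Microsoft SMBv1 servers (ms17-010)">
        <table key="CVE-2017-0143">
          <elem key="title">Remote Code Execution vulnerability in Microsoft SMBv1 servers (ms17-010)</elem>
          <elem key="state">VULNERABLE</elem>
          <table key="ids">
            <elem>CVE:CVE-2017-0143</elem>
          </table>
        </table>
      </script>
    </hostscript>
  </host>
</nmaprun>
"""


def _scripts_by_scope(host):
    """Yield (port or None, [script elements]); host scripts carry no port."""
    hostscript = host.find("hostscript")
    if hostscript is not None:
        yield None, hostscript.findall("script")
    for port in host.iter("port"):
        yield int(port.get("portid")), port.findall("script")


def vulnerable_findings(xml_text):
    """Return (host, port_or_None, script_id, finding_key, state) tuples for every
    finding whose state starts with VULNERABLE (Nmap also emits LIKELY VULNERABLE,
    which is deliberately left out here: it needs manual confirmation)."""
    root = ET.fromstring(xml_text)
    findings = []
    for host in root.iter("host"):
        addr = next((a.get("addr") for a in host.findall("address")
                     if a.get("addrtype") == "ipv4"), "?")
        for port, scripts in _scripts_by_scope(host):
            for script in scripts:
                # each finding is a <table> with an <elem key="state"> child
                for table in script.findall("table"):
                    state = table.findtext("elem[@key='state']")
                    if state and state.startswith("VULNERABLE"):
                        findings.append((addr, port, script.get("id"),
                                         table.get("key"), state))
    return findings


if __name__ == "__main__":
    for host, port, script_id, key, state in vulnerable_findings(SAMPLE_XML):
        where = host if port is None else f"{host}:{port}"
        print(f"{where}\t{script_id}\t{key}\t{state}")
```

Scripts that found nothing are skipped automatically because they carry no table with a state element. Change the startswith check to also accept "LIKELY VULNERABLE" if you want the weaker verdicts in the list as well.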

HackTheBox-Traceback Walkthrough

I started by scanning the IP address with Nmap using a simple command.

Command used: nmap <IP address of machine> -Pn

nmap 10.10.10.181 -Pn
Starting Nmap 7.80 ( https://nmap.org ) at 2020-04-15 02:27 IST
Nmap scan report for 10.10.10.181
Host is up (0.18s latency).
Not shown: 998 closed ports
PORT   STATE SERVICE
22/tcp open  ssh
80/tcp open  http

Now only two things were on my mind: which should I enumerate first, SSH or HTTP? SSH can only be brute-forced at this point, and brute-forcing an online machine doesn't work; most online hosted machines are not made to be brute-forced. So I started with HTTP. I fired up a directory buster to find any juicy directories, and meanwhile decided to browse to the IP address, since the HTTP service was active and running. I was presented with the screen below. dirb was not able to find any directories, but the hint was already on th

Security WarGame By PAC Security

So first of all I opened the link. It had a zip file, which I downloaded and then tried to open. It was password protected, so I used john to crack it. Here we can see that the password of the zip was "password" itself. Now I opened it. It contained a "pac.apk" file, so first I ran the file command. Using file, it is confirmed that it is not an apk file, so I used "cat" to print the contents, and I saw text ending with "==". So I rushed to try base64, but it was not base64. I googled which ciphers give output ending in "==" and found the Blowfish cipher, so I googled a Blowfish decoder and bingo, I got the result: I picked up from 'o+7...' because there is a space between them, and the site name was revealed. I opened it and found this page. The first thing I did was run dirb on this page, and I got the following result:

URL /~adm
URL /~404

And there I found two f
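The trailing "==" that sent the write-up to base64 first is base64 padding, and the blob usually does decode without error; what tells you it is wrapped ciphertext (Blowfish output in the write-up's case) is that the decoded bytes are not readable text. The following is an added example, not code from the write-up: it decodes a blob, classifies it as plain base64 text, base64-wrapped binary, or not base64 at all, and reports whether the decoded length is block-aligned. The two sample blobs are constructed; the printable-ratio threshold and the block-size hint are heuristics, not a cipher identification.

```python
"""Classify a "==" blob: base64 of readable text, base64 wrapping ciphertext, or neither.

Added example, not from the original write-up. TEXT_BLOB and CIPHER_BLOB are
constructed inputs; feed the string pulled from the file with cat instead.
"""
import base64
import binascii
import string

PRINTABLE = set(string.printable.encode())


def classify_blob(blob):
    """Return 'not-base64', 'base64-text' or 'base64-binary'."""
    try:
        # validate=True rejects characters outside the base64 alphabet
        raw = base64.b64decode(blob, validate=True)
    except (binascii.Error, ValueError):
        return "not-base64"
    if not raw:
        return "not-base64"
    printable = sum(1 for b in raw if b in PRINTABLE)
    # ciphertext is close to uniform bytes, so far fewer than 90% land in ASCII
    return "base64-text" if printable / len(raw) >= 0.9 else "base64-binary"


def block_hint(blob):
    """Hint at a padded block cipher from the decoded length (heuristic only)."""
    n = len(base64.b64decode(blob, validate=True))
    if n % 16 == 0:
        return "multiple of 16: 64-bit or 128-bit block cipher possible"
    if n % 8 == 0:
        return "multiple of 8: 64-bit block cipher (e.g. Blowfish) possible"
    return "not block-aligned: probably not a padded block cipher"


# Constructed samples: one base64 of plain text, one base64 of 16 high bytes
# standing in for ciphertext; both decode cleanly, only one is readable.
TEXT_BLOB = base64.b64encode(b"flag{hello}").decode()
CIPHER_BLOB = base64.b64encode(bytes(range(200, 216))).decode()

if __name__ == "__main__":
    for blob in (TEXT_BLOB, CIPHER_BLOB, "not base64!!"):
        verdict = classify_blob(blob)
        extra = block_hint(blob) if verdict != "not-base64" else ""
        print(f"{blob!r}: {verdict} {extra}")
```

When the verdict is base64-binary, the next question is the key, not the encoding; an online decoder such as the one used in the write-up only works because the challenge left the key recoverable.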