Posts

Showing posts from July, 2018

CTF - Dina : 1.0.1 walkthrough

Lab Environment:
Attacker’s Machine: Linux kali 4.13.0-kali1-amd64 #1 SMP Debian 4.13.10-1kali2 (2017-11-08) x86_64 GNU/Linux
Vulnerable Machine: Dina: 1.0.1
Scanning phase
route -n (to find the gateway), i.e. 172.16.60.2
arp-scan --local (to find the devices connected to the local network)
Vulnerable machine IP: 172.16.60.154
Using nmap to scan the IP: nmap -sS -sC -sV 172.16.60.154
We got one open port, i.e. 80, and the HTTP service is active. Since port 80 is open and the HTTP service is active, we can open the IP in a browser.
Another nmap syntax to check for vulnerabilities, if any: nmap --script vuln 172.16.60.154
Next, using dirb to scan the directories: dirb http://172.16.60.154
Some results are obtained after using dirb. Opened http://172.16.60.154/robots.txt and found something interesti

CTF - Billu Box Walkthrough

Lab Environment
Attacker's Machine - Linux kali 4.13.0-kali1-amd64 #1 SMP Debian 4.13.10-1kali2 (2017-11-08) x86_64 GNU/Linux
Vulnerable Machine - Billu Box
Proof Of Concept
Scanning Phase
route -n (to find the gateway), i.e. 172.16.60.2
arp-scan --local (to scan for the machines connected to the network)
Vulnerable machine IP - 172.16.60.149
Now I will use nmap to scan the machine's IP further:
nmap -sS -sV -sC 172.16.60.149
Port 80 is open and the HTTP service is active, so I can browse the IP.
I got the homepage and a login panel. I have to scan more to get login credentials.
dirb http://172.16.60.149 /usr/share/wordlists/dirb/big.txt
(I used the dirb command to enumerate some URLs with another wordlist named big.txt; the path for that wordlist is /usr/share/wordlists/dirb/big.txt)
The highlighted URLs gave me some results that seem interesting
URL

CTF - LazySysAdmin Walkthrough

POC OF LAZYSYSADMIN CTF
1. route -n (to find the gateway), i.e. 172.16.60.2
2. netdiscover -r 172.16.60.2/24 (to scan the network)
3. The IP of the victim machine is 172.16.60.144
4. Scanning phase - using the Nmap syntax: nmap -sSCV 172.16.60.144
   We can see that port 80 is open and the HTTP service is active.
5. Decided to paste the IP into the browser to look for any hint (the reason I browsed to the IP is that the HTTP service is active on port 80).
6. Scan the IP with nikto. The syntax to use nikto is: nikto -h 172.16.60.144
7. And we found something interesting: wordpress and phpmyadmin URLs.
   • 172.16.60.144/wordpress/
   • 172.16.60.144/phpmyadmin/
8. After opening the wordpress URL in the browser, the website opened, and I saved the name togie (it can be a username or password for any service).
9. After opening the phpmyadmin URL in the browser, the phpmyadmin login page opened.
10. Further I used d