FourandSix:1 walkthrough

Scanning Phase


To know the IP of the target machine we have to scan the network on which target is connected in my case its my local network
Command to scan the local network : arp-scan --local
Victim IP : 192.168.43.136


Now proceeding in scanning phase using nmap
I enumerated info using nmap aggressive scan with ping sweep
Command : nmap -A 192.168.43.136 -Pn
Results : nfs server is active so i tried to gain access to the server.


Gaining access to server as it is open
Command : showmount -e 192.168.43.136
Results : it has the content in /shared and open to everyone




Now i want to see the content of the server so i decided to make directory on my desktop named as Paras so that i can mount the content in this folder
Command : cd Desktop (to change my dir location to Desktop)
Command : mkdir Paras (to make new dir)
Command : mount -t nfs 192.168.43.136:/shared /root/Desktop/Paras
(to mount the content from shared to new dir i.e Paras which is located in /root/Desktop)
To confirm whether the content is copied in Paras or not i just navigate to Paras and list the contents.
Command : ls (to list the content of the dir)
Result : found 2 directories named USB and whoami and 1 .img file




Then i mounted .img file in USB folder to read the contents of the file
Command : mount USB-stick.img USB
Then after navigating to USB folder and on listing the contents i found image files in different formats .
Command : ls (to list the contents)
Result : found image files which are of no use to me




So finally mounted the content from server to whosmi folder present in Paras and explored the content further to get the flag
Command : mount -t nfs 192.168.43.136:/ whoami
Result : i got few folders and one of them is root folder
After navigating to root folder i got the flag as proof.txt and obtained the flag
Command : cat proof.txt (to read the flag)



 




Popular posts from this blog

Calculat3 M3 | CTF Learn

Image
This walkthrough will demonstrate the simple challenge based on command injection Calculat3 M3 This is the challenge page we got after visiting the given link. I provided random input in this calculator and intercepted the request with BurpSuite I got one parameter "expression" taking the values  Tried for command injection with ";ls" Forwarding the above request finally Got the Flag
Read more

TryHackme: Blue Walkthrough

Image
Task 1: Recon After we've connected to the tryhackme network the first task is to enumerate the target. We use Nmap for scanning the target IP. Command Used : nmap -sS -Pn <target-ip> -sS : Scan using TCP SYN scan -Pn : Treats all host as online --skip host discovery Next we used a command to find the vulnerability on the target machine. Command Used : nmap --script vuln <target-ip> --script : Specify the --script option to choose your own scripts to execute by providing categories , script file names, or the name of directories full of scripts you wish to execute. vuln : These scripts check for known vulnerabilites and generally only report results if they are found. Below, we see that nmap is indicating the target may be vulnerable to ms17-010(on the left0 and we can verify this using metasploit. To start Metasploit use command "msfconsole" We start by simply doing a search for ms17-010 Here we use module 2 i.e. exploit/windows
Read more

CTF - Dina : 1.0.1 walkthrough

Image
     Lab Environment  : Attacker’s Machine :  Linux kali 4.13.0-kali1-amd64 #1 SMP Debian 4.13.10-1kali2(2017-11-08) x86_64 GNU/Linux Vulnerable Machine : Dina: 1.0.1 Scanning phase route -n (To know the gateway) i.e 172.16.60.2 arp-scan --local (to know the devices connected to the local network)   Vulnerable machine IP : 172.16.60.154           Using nmap for scanning the IP : nmap -sS -sC -sV  172.16.60.154 We got one open port i.e 80 and http service is active Since the port 80 is open and http service is active then we can open the IP in browser.   Another nmap syntax to know vulnerability if any : nmap --script vuln 172.16.60.154 Now further using dirb for scanning the directories : dirb http://172.16.60.154 Some results are obtained after using dirb .  Opened the http://172.16.60.154/robots.txt and found something interesti
Read more