Posts

Showing posts from March, 2019

Kioptrix : level 1 (#1)

Lab Environment

Attacker’s Machine : Linux kali 4.18.0-kali2-amd64 #1 SMP Debian 4.18.10-2kali1 (2018-10-09) x86_64 GNU/Linux
Vulnerable Machine : Kioptrix: level 1 (#1)

Let’s start hacking and breach the security of this machine.

Scanning Phase : Now let’s scan the local network to which the attacking machine and the vulnerable machine are connected.

Syntax used : arp-scan -l

Victim machine : 192.168.113.129

Enumeration Phase : I used nmap for further enumeration of ports and their services.

Syntax used to scan all ports : nmap -p- 192.168.113.129 -Pn
Syntax used to scan services : nmap -sSCV 192.168.113.129 -Pn

I found the http service active on port 80 and samba on port 139. So, I tried to visit the webpage to see if I could get something useful, but no luck this time. Now I tried to search for an exploit for samba and found one based on linux, freebsd and solaris, but I needed the one for linux.

Using samba exploit :

Unknowndevice : 1

Lab Environment

Attacker's Machine - Linux kali 4.13.0-kali1-amd64 #1 SMP Debian 4.13.10-1kali2 (2017-11-08) x86_64 GNU/Linux
Vulnerable Machine - unknowndevice64: 1

Proof Of Concept

Scanning Phase

route -n (to know the gateway), i.e. 192.168.1.1
arp-scan --local (to scan for the machines connected to the network)

Vulnerable machine IP - 192.168.1.9

Now I will use nmap for the further enumeration of services active on ports.

Syntax used : nmap -A -p- 192.168.1.9 -Pn

Here, I found the name of an image file.

Syntax used : steghide extract -sf filename
Password : h1dd3n

This is the time where I read the h1dd3n.txt file and found brainfuck encryption. Tried those credentials with ssh and got a user privilege shell.

After login we tried ls but the command was not found, so we checked the PATH variable and found the path as /home/ud64/prog

Syntax used : $PATH

So I just used echo to know all the executables inside, if any S