Posts

Showing posts from March, 2020

My File Server: 1 Vulnhub Walkthrough

Image
Lab Environment Attacker's Machine:   Linux kali 5.3.0-kali2-amd64 #1 SMP Debian 5.3.9-3kali1 (2019-11-20) x86_64 GNU/Linux Victim's Machine:   My File Server: 1 Mapping the local network to determine the IP of vulnerable machine. Command Used: arp-scan --local Nmap Scan Command Used: nmap -A Victim's IP Results: samba service on port 445 After knowing the samba service is active I fired up smbmap to enumerate it further. Command Used: smbmap -H Victim's IP Result: username - smbuser I decided for further enumeration and used Nikto to scan the target. Command Used: nikto -h Victim's IP Results: /readme.txt Visited the url to view if something useful can be found in readme.txt Results: my password is rootroot1 Now I am having username "smbuser" and password "rootroot1" to connect to victim's machine via ssh and when tried to connect it timed out my connection. So, I thought of generat...
Read more

Basic Injection | CTF Learn

Image
This was the basic injection challenge which clearly gives the hint of injecting malicious code. So, I was presented with Input Screen to enter something. Initiated with taking a view of source code and I got something that can be useful. As mentioned in above image to try some names, I started inserting the names and insertion of Luke in the field displays the message that he made this problem. Then I tried basic injection payload to see what can happen. 1'or'1''='1 And flag appeared
Read more

TBBT - FunWithFlags CTF Writeup

Image
Back Again with a new boot2root CTF Lab Environment Attacker's Machine:  Linux kali 5.3.0-kali2-amd64 #1 SMP Debian 5.3.9-3kali1 (2019-11-20) x86_64 GNU/Linux Victim's Machine: TBBT: FunWithFlags Mapping the local network to determine the IP of Vulnerable Machine Command Used: arp-scan --local  Now Scanning and enumerating the IP address with Nmap All Ports Scan Command Used: Nmap -p- 192.168.1.105 ftp, ssh, http, waste services are active Since, http service is active dirb can burst the directories and can reveal some import directories if present. Command Used: dirb http://192.168.1.105  Results: Wordpress Directory  Now since we know that there is a Wordpress directory so Wpscan is a better option to enumerate. Command Used: wpscan --url http://192.168.1.105/music/wordpress --enumerate ap Explanation: ap means All Plugins  Results: One plugin Found which is out of date named reflex-gall...
Read more