nagpentest

Walkthru A. https://davidyat.es/2018/04/08/walkthrough-trollcave/ [stealing cookie but not working as expected. Getting info at the NC prompt but unable to reuse it to get admin web access] B. https://www.youtube.com/watch?v=gfh7wHhMlWg [ruby on rails site/vulnerabilities, dir traversal, login with public key, exploiting vulnerability and adding public keys as authorized_keys in victims computer ,exploiting calculator application/program which is running as root, passing another set of commands as parameters to calc to chown and reverse shell,  netcat without netcat: ] C. https://ohexfortyone.com/2018/03/trollcave-boot-to-root-vm-walkthrough-part-one.html [bash  script to enumerate all users   ] D. https://reedphish.wordpress.com/2018/04/29/trollcave-1-2-walkthrough/ [ linux/x64/meterpreter_reverse_tcp metasploit using an ELF based shell genereated from MSFVenom] E. https://vulniverse.blogspot.com/2018/04/trollcave-1.html [Text walktru of B] ...

1.       VM Cyberry: Port knocking, comments in HTML,Brainfuck code, Hydra for SSH, execute commands remotely using SSH, install ftp, openssl decrypt loop passing thru all supported ciphers, file command, command injection vulnerability and adding nc to a web request, head command, sudo access, shifting user from another using sudo, escaping restricted shell using awk, run shell using PHP -r, creating php page/script using echo, creating custom password dictionary based on hints,burp suite to get root access to the Admin panel, detail abt how to identify command injection vulnerability, installing backdoor, uer enumeration,unalias,base64 decode, QR code, buffer overflow but not complete, Port knocking to create all port combination 2.       VM The Necromancer: 1: passive scan using tcpdump, victim connecting outbound, echo base64, connecting u666 port using nc, custom dictionary, gcc-multilib, executing an ELF type file, file, binwalk & exif...

Walkthru A. http://www.hackingarticles.in/hack-the-bsides-vancouver2018-vm-boot2root-challenge/ [anonymous ftp, wordpress, hydra brute force wpscan, msfconsole wp_admin_shell_upload, msfvenom python, wp-config.php, crontab] B. https://www.adamluvshis.com/content/bsides-vancouver-2018-workshop-walkthrough [use hydra for brute force for http] Notes: 1. root@kali:~/reports# ../reconscan.py 192.168.106.4 2. ./onetwopunch.sh -t targets.txt 2<&1 | tee reports/192.168.106.4/onetwopunch.output 3. nmap -p- -T4 -sT 192.168.106.4 ..shows TCP 21,22 and 80 open. Anonymous FTP allowed OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO   ftp file included root@kali:~/reports/192.168.106.4# cat users.txt.bk abatchy john mai anne doomguy OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO Tried hydra to connect ftp and SSH with above listed user and with rock4you password list but no luck. appears SSH does not support password authentication and need key. Tried to connect using j...