Showing posts from July, 2018

32 VM hackfest2016: Sedna

Walkthru:
A. https://mendidsiren63.blogspot.com/2017/05/vulnhub-hackfest2016sedna-walkthrough.html [PUT method giving access forbidden, POSTER plugin renaming a file, exploit.html to POST a file for BuilderEngine 3.5.0 - Arbitrary File Upload vulnerability, netcat with netcat /dev/tcp, exploit 33899]
B. http://www.waywardpaladin.com/index.php?op=ViewArticle&articleId=3&blogId=1 [command line reverse shell, firefart or exploit 40839 but I am getting an error upon compilation]
C. https://medium.com/@3wem/hackfest2016-sedna-ctf-de95f2ab0b4f [metasploit]
D. https://www.n00py.io/2017/03/vulnhub-walkthrough-hackfest2016-sedna/ [dirtycow]

Notes:
PORT     STATE SERVICE     VERSION
22/tcp   open  ssh         OpenSSH 6.6.1p1 Ubuntu 2ubuntu2 (Ubuntu Linux; protocol 2.0)
53/tcp   open  domain      ISC BIND 9.9.5-3 (Ubuntu Linux)
80/tcp   open  ht

31 VM TopHatSec: Freshly:

Walkthru:
A. http://www.hackingarticles.in/hack-freshly-vm-ctf-challenge/ [we don’t know the exact username and password therefore we have used SQLMAP for login form based injection for retrieving the database name and login credential by executing following command, metasploit msfvenom to create reverse shell, no gcc on target]
B. https://blog.geoda-security.com/2016/08/tophatsec-freshly-walkthrough.html [burp suite to gather parameters for SQLMAP, unshadow passwd and shadow file, john, root pwd from /var/www/html/login.php file]
C. https://sdsdkkk.github.io/2015/vulnhub-freshly-solution/ [Use Burp Suite to interrupt the POST request and put the content in a file called request.txt and run it with Sqlmap]

Notes:
# Nmap 7.70 scan initiated Mon Jul 23 15:02:33 2018 as: nmap -sV -Pn -p 443 --script=http-vhosts,http-userdir-enum,http-apache-negotiation,http-backup-finder,http-config-backup,http-default-accounts,http-methods,http-method-tamper,http-passwd,http-robots.txt,htt

VM 30 Quaoar

Walkthru: http://www.blackroomsec.com/quaoar-write-up/ [wordpress, php reverse vulnerability, multiple open ports 22,53,80,110,139,143,445,993,995]

Notes:
Nmap scan report for 192.168.117.5
Host is up (0.00038s latency).
Not shown: 991 closed ports
PORT    STATE SERVICE     VERSION
22/tcp  open  ssh         OpenSSH 5.9p1 Debian 5ubuntu1 (Ubuntu Linux; protocol 2.0)
53/tcp  open  domain      ISC BIND 9.8.1-P1
80/tcp  open  http        Apache httpd 2.2.22 ((Ubuntu))
110/tcp open  pop3        Dovecot pop3d
139/tcp open  netbios-ssn Samba smbd 3.X - 4.X (workgroup: WORKGROUP)
143/tcp open  imap        Dovecot imapd
445/tcp open  netbios-ssn Samba smbd 3.X - 4.X (workgroup: WORKGROUP)
993/tcp open  ssl/imap    Dovecot imapd
995/tcp open  ssl/pop3    Dovecot pop3d [ssl/pop3 Dovecot pop3d ]
MAC Address: 08:00:27:34:58:0D (Oracle VirtualBox virtual NIC)
Device type: general purpose
Running: Linux 2.6.X|3.X
OS CPE: cpe:/o:linux:linux_kernel:2.6 cpe:/o:linux:linux_kernel:3

29 VM SecTalks BNE0x03 - Simple

Walkthru:
A. https://blog.geoda-security.com/2016/08/bne0x03-simple-walkthrough.html [37292.c]
B. https://scriptkidd1e.wordpress.com/sectalks-bne0x03-simple-vulnhubs-vm-walkthrough/ [36746.c,37088.c]

Notes:
root@kali:~/reports/192.168.117.3# cat 192.168.117.3.nmap
# Nmap 7.70 scan initiated Fri Jul 20 19:19:00 2018 as: nmap -sV -O -oN ../reports/192.168.117.3/192.168.117.3.nmap 192.168.117.3
Nmap scan report for 192.168.117.3
Host is up (0.00066s latency).
Not shown: 999 closed ports
PORT   STATE SERVICE VERSION
80/tcp open  http    Apache httpd 2.4.7 ((Ubuntu))
MAC Address: 08:00:27:60:21:5C (Oracle VirtualBox virtual NIC)
Device type: general purpose
Running: Linux 3.X|4.X
OS CPE: cpe:/o:linux:linux_kernel:3 cpe:/o:linux:linux_kernel:4
OS details: Linux 3.2 - 4.9
Network Distance: 1 hop
OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
# Nmap done at Fri Jul 20 19:19:25 2018 -- 1 IP address (1 host up) sc