
40 VM : Dina 1.0.1

Walkthru:

A. http://touhidshaikh.com/blog/?p=475 [zip2john, burp proxy change user agent vulnerability, php reverse shell]

Notes:

This VM also has another vulnerability, https://www.exploit-db.com/exploits/42003/, which I was able to use to run the `uname -a` and `id` commands in the filename, but couldn't do anything beyond that. Unable to run reverse shell.

A. Imported the file successfully but do not see any output when the command is run via the user agent field. No output is shown.
