Skip to main content

54 VM W1R3S: 1.0.1

Walkthru
A. https://github.com/nbrisset/CTF/tree/master/CTF-VulnLabs/w1r3s [local file inclusion, ftp, Cuppa CMS vulnerability , LFI working using CLI but not browser, john, sudo su for privilege esclation ]

B. https://blog.barradell-johns.com/index.php/2018/06/25/w1r3s-writeup/ [ I was getting the same response from server for LFI . looks like it needed encoding. "After a bit of research I found I may have better luck with encoded url (url encoding) params, so I utilised cURL"]


Notes:

Comments

Post a Comment

Popular posts from this blog

VM 13 : Basic Pentest 1 csec

Notes: Walkthru: 1. https://medium.com/@evire/basic-pentesting-1-7251fb3e3f9e [ w/metasploi t using Wordpress t] 2. https://prasannakumar.in/infosec/vulnhub-basic-pentesting-1-writeup/ [ w/metasploit using ftp ] 3.  https://www.ceos3c.com/hacking/basic-pentesting-1-walkthrough/ [ by uploading php-reverse-shell in wordpress ] 4. http://k3ramas.blogspot.com/2018/02/basic-pentesting-1-walkthrough.html [  access wordpress config file to get pwd and access the DB ] 5.  https://cowsayroot.com/walkthrough-basic-pentesting-1/ [ Wpscan, ftp metasploit vulnerability, phpbash ] 6.   http://www.hackingarticles.in/hack-the-basic-penetration-vm-boot2root-challenge/    [use msfvenom to create  to create php shell to be uploaded in Wordpress ] 7.   https://d7x.promiselabs.net/2018/01/30/ctf-basic-pentesting-a-guide-for-beginners/ [adding command using using PHP] Notes:  Ports - 21...ProFTPD 1.3.3c - 22 openSSH 7.2p2 ubuntu ...
2 comments
Read more

VM 5: Vulnix :

Walkthru: A. https://mrh4sh.github.io/vulnix-solution [SMTP and Finger enumeration, creating linux user with specific UID, root squashing, ssh pwd cracking using medusa & hydra, logging using ssh keys, updating /usr/sbin/exportfs] B. http://overflowsecurity.com/hacklab-vulnix/ [ same as above. create ssh keys for root and copied to victim to login as root w/o recovering pwd] C. https://www.rebootuser.com/?p=988[ local bash shell from nfs] B. https://www.vulnhub.com/?q=vulnix&sort=date-des&type=vm [list of solutions] D. https://www.rebootuser.com/?p=988 [User Enumeration #1 – SMTP, Finger; Entry Point including hydra, Putty(using rlogin service), nfs (showmount,mount) ] Notes: - As you can see the root user is the only account which is logged on the remote  host.Now that we have a specific username we can use it in order to obtain more information about this user with the command  finger root@host . -  Another effective use of the finger...
Post a Comment
Read more

38 VM : d0not5top: 1.2

https://www.vulnhub.com/?q=D0Not5top&sort=date-des&type=vm Walkthru: A. https://github.com/Hamza-Megahed/CTFs/blob/master/d0not5top/README [  burp proxy, adding hostnames to /etc/host shows following but not working for me. Not showing localhost stuff, $ dirb http://172.16.34.163/control/ -X .txt,.php,.html     + http://172.16.34.163/control/hosts.txt     127.0.0.1 localhost     127.0.0.1 D0Not5top.ctf     #127.0.0.1       MadBroAdN1n.ctf ## AD105 M0F05] B. https://adaywithtape.blogspot.com/2017/04/vulnhub-d0not5top-writeup.html [use nc cmd to get the flag and echo cmd to decode the flag, wfuzz, virtualhost, partially binary string, google language translate, curl  -header  host request, additional domains, OWSAP ZAP, exiftool, HD, hash64,] wfuzz -c -w /usr/share/seclists/Discovery/Web_Content/common.txt --hc 404 192.168.56.102/FUZZ Changing the syntax just a tad to only show html 200...
Post a Comment
Read more