Posts

About this lab Engage in enumeration, web enumeration, and exploiting SQL injection techniques to identify vulnerabilities. Utilize password cracking methods and implement privilege escalation strategies to enhance your access. This lab is designed to capitalize on your skills in vulnerability exploitation. Enumeration Nmap command sudo nmap -p- -T4 target First, we have to scan all of the target ports. result Host is up (0.10s latency). Not shown: 65369 filtered tcp ports (no-response), 163 filtered tcp ports (host-prohibited) PORT STATE SERVICE 21/tcp open ftp 22/tcp open ssh 80/tcp open http The ftp, ssh, and http ports are open. command ...

local ip : 192.168.45.231 remote ip : 192.168.152.136 Enumeration Nmap command sudo nmap -p- -T4 target result Not shown: 65498 closed tcp ports (reset), 31 filtered tcp ports (no-response) PORT STATE SERVICE 22/tcp open ssh 25/tcp open smtp 80/tcp open http 389/tcp open ldap 443/tcp open https 5667/tcp open unknown command sudo nmap -sV -sC -p 22,25,80,389,443,5667 -T4 target result PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 7.2p2 Ubuntu 4ubuntu2.10 (Ubuntu Linux; protocol 2.0) | ssh-hostkey: | 2048 b8:8c:40:f6:5f:2a:8b:f7:92:a8:81:4b:bb:59:6d:02 (RSA) | 256 e7:bb:11:c1:2e:cd:39:91:68:4e:aa:01:f6:de:e6:19 (ECDSA) |_ 256 0f:8e:28:a7:b7:1d:60:bf:a6:2b:dd:a3:6d:d1:4e:a4 (ED25519) 25/tcp open smtp Postfix smtpd | ssl-cert: Subject: commonName=ubuntu | Not valid before: 2020-09-08T17:59:00 |_Not valid after: 2030-09-06T17:59:00 |_smtp-commands: ubuntu, PIPELINING, SIZE 10240000, VRFY, ETRN, STARTTLS, ENHANCEDSTATUSCODES, 8BITMIME, DSN |_ssl-date: TLS randomness does not represent time 80/tcp open http Apache httpd 2.4.18 ((Ubuntu)) |_http-server-header: Apache/2.4.18 (Ubuntu) |_http-title: Nagios XI 389/tcp open ldap OpenLDAP 2.2.X - 2.3.X 443/tcp open ssl/http Apache httpd 2.4.18 | ssl-cert: Subject: commonName=192.168.1.6/organizationName=Nagios Enterprises/stateOrProvinceName=Minnesota/countryName=US | Not valid before: 2020-09-08T18:28:08 |_Not valid after: 2030-09-06T18:28:08 |_ssl-date: TLS randomness does not represent time |_http-title: Nagios XI |_http-server-header: Apache/2.4.18 (Ubuntu) | tls-alpn: |_ http/1.1 5667/tcp open tcpwrapped Service Info: Hosts: ubuntu, 127.0.0.1; OS: Linux; CPE: cpe:/o:linux:linux_kernel Gobuster command ...

Enumeration Nmap command sudo nmap -p- -T4 target result Nmap scan report for target (192.168.204.121) Host is up (0.20s latency). Not shown: 65508 closed tcp ports (reset), 26 filtered tcp ports (no-response) PORT STATE SERVICE 80/tcp open http 오픈된 포트는 80 하나입니다. Gobuster command gobuster dir -u http://target -w /usr/share/wordlists/dirb/big.txt result =============================================================== Starting gobuster in directory enumeration mode =============================================================== /wordpress (Status: 301) [Size: 194] [--> http://target/wordpress/] Progress: 20469 / 20470 (100.00%) =============================================================== Finished =============================================================== gobuster enumeration 결과 wordpress로의 접근이 가능함을 확인했습니다. command ...

target ip: 192.168.224.219 Enumeration Nmap command sudo nmap -T4 -p- target result Host is up (0.10s latency). Not shown: 65504 closed tcp ports (reset), 30 filtered tcp ports (no-response) PORT STATE SERVICE 80/tcp open http 80번 포트만 열려있는 것을 확인할 수 있었습니다. Gobuster command gobuster dir -u http://target -w /usr/share/wordlists/dirb/common.txt -z result =============================================================== Starting gobuster in directory enumeration mode =============================================================== /.hta (Status: 403) [Size: 278] /.htpasswd (Status: 403) [Size: 283] /.htaccess (Status: 403) [Size: 283] /cgi-bin/ (Status: 403) [Size: 282] /db (Status: 200) [Size: 53656] /index (Status: 200) [Size: 750] /index.html (Status: 200) [Size: 750] /robots (Status: 200) [Size: 110] /robots.txt (Status: 200) [Size: 110] /server-status (Status: 403) [Size: 287] /textpattern (Status: 301) [Size: 306] [--> http://target/textpattern/] =============================================================== Finished =============================================================== User-agent: * Disallow: /textpattern/textpattern dont forget to add .zip extension to your dir-brute ;) robots.txt에서 .zip extension을 포함하라는 팁이 있었습니다. command ...

Enumeration Nmap command sudo nmap -p- -T4 target result Not shown: 65499 closed tcp ports (reset), 34 filtered tcp ports (no-response), 1 filtered tcp ports (port-unreach) PORT STATE SERVICE 80/tcp open http 80번 포트만 열려있는 것을 확인할 수 있었습니다. command sudo nmap -sV -sC -p 80 target result PORT STATE SERVICE VERSION 80/tcp open http Apache httpd 2.4.38 ((Debian)) |_http-title: Example.com - Staff Details - Welcome |_http-server-header: Apache/2.4.38 (Debian) 상세 버전 정보 조회 결과입니다. Gobuster command ...