OSCP | wirem0nster's infosec log

Popcorn

Dec 16, 2020 TJNull's List

Introduction: Recon 1# nmap -sS -sV -sC -Pn -T4 -oN popcorn.nmap.txt 10.10.10.6 2Host discovery disabled (-Pn). All addresses will be marked 'up' and scan times will be slower. 3Starting Nmap 7.91 ( https://nmap.org ) at 2020-12-16 19:58 EST 4Nmap scan report for 10.10.10.6 5Host is up (0.024s latency). 6Not …

Blocky

Dec 13, 2020 Java phpmyadmin TJNull's list

Introduction: This is one of the OSCP like machine from TJNull’s list and interesting one indeed. The exploitation and Privesc are relatively easier on this machine. When doing this machine, focus on doing good enumeration and pay attention to details. Examine user scripts and programs as they may lead you to …

Bashed

Dec 12, 2020 webshell TJNull's list

This machine features a web application running a php web shell. This is a relatively simple machine w Recon Lets run the nmap scan. The ping probes are blocked so we will have to use the -Pn flag for the nmap scan. 1nmap -sS -sV -sC -T4 10.10.10.68 2Starting Nmap 7.91 ( https://nmap.org ) at 2020-12-12 10:10 EST …

Lame

Dec 12, 2020 smb TJNull's list

Introduction: This is a extremely simple machine based on a very old CVE (2007-2447) with SMB service and the exploit for this vulnerability is readily available at - https://www.exploit-db.com/exploits/16320/ . You can either do this machine with the metasploit module but since OffSec discourages the use of this in …

Active

Dec 10, 2020 TJNull's List

Introduction: Recon 1# Nmap 7.91 scan initiated Fri Jan 1 16:49:57 2021 as: nmap -sS -sV -sC -T4 -O -oN nmap.active.txt 10.10.10.100 2WARNING: RST from 10.10.10.100 port 88 -- is this port really open? 3Nmap scan report for 10.10.10.100 4Host is up (0.015s latency). 5Not shown: 986 closed ports 6PORT STATE SERVICE …

Arctic

Dec 10, 2020 TJNull's List

Introduction: Recon 1nmap -sS -sV -sC -T4 -O -oN nmap.arctic.txt 10.10.10.11 2Starting Nmap 7.91 ( https://nmap.org ) at 2021-01-01 08:04 EST 3Nmap scan report for 10.10.10.11 4Host is up (0.014s latency). 5Not shown: 997 filtered ports 6PORT STATE SERVICE VERSION 7135/tcp open msrpc Microsoft Windows RPC 88500/tcp …

bastard

Dec 10, 2020 TJNull's List

Introduction: Recon eneloop@kinetic:…/hackthebox/bastard/data$ sudo nmap -sS -sC -sV -O -T4 -oN nmap.bastard.txt 10.10.10.9 [sudo] password for eneloop: Starting Nmap 7.91 ( https://nmap.org ) at 2021-01-17 23:32 EST Nmap scan report for 10.10.10.9 Host is up (0.016s latency). Not shown: 997 filtered ports PORT …

Brainfuck

Dec 10, 2020 TJNull's List NOSQL Injection Mongo SUID

Introduction: Recon nmap scan - 1nmap -sS -sV -sC -T4 -Pn -oN brainfuck.nmap.txt 10.10.10.17 2Host discovery disabled (-Pn). All addresses will be marked 'up' and scan times will be slower. 3Starting Nmap 7.91 ( https://nmap.org ) at 2020-12-14 22:07 EST 4Nmap scan report for 10.10.10.17 5Host is up (0.014s …

bucket

Dec 10, 2020 TJNull's List

Introduction: Recon eneloop@kinetic:…/hackthebox/bucket/data$ sudo nmap -sS -sC -sV -T4 -O -oN nmap.bucket.txt 10.10.10.212 Starting Nmap 7.91 ( https://nmap.org ) at 2021-02-02 21:35 EST Nmap scan report for 10.10.10.212 Host is up (0.014s latency). Not shown: 998 closed ports PORT STATE SERVICE VERSION 22/tcp …

delivery

Dec 10, 2020 TJNull's List

Introduction: Recon nmap -sS -sC -sV -T4 -O -oN nmap.delivery.txt 10.10.10.222 Starting Nmap 7.91 ( https://nmap.org ) at 2021-01-10 18:42 EST Nmap scan report for 10.10.10.222 Host is up (0.014s latency). Not shown: 998 closed ports PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 7.9p1 Debian 10+deb10u2 (protocol …