  • bounty

    Feb 17, 2021 TJNull's List

    Introduction: Recon
    eneloop@kinetic:…/hackthebox/bounty/data$ sudo nmap -sS -sV -T4 -O -oN nmap.bounty.txt 10.10.10.93
    [sudo] password for eneloop:
    Starting Nmap 7.91 ( https://nmap.org ) at 2021-02-17 19:46 EST
    Nmap scan report for 10.10.10.93
    Host is up (0.014s latency).
    Not shown: 999 filtered ports
    PORT …

  • Haircut

    Jan 7, 2021 TJNull's List webapp curl screen

    Introduction: Haircut is a very simple but great machine with a vulnerable app running that allows you to exploit curl to download a shell on the webserver and get the initial foothold. Recon NMAP scan
    nmap -sS -sV -sC -T4 -Pn -O -oN nmap.haircut.txt 10.10.10.24
    Host discovery disabled (-Pn). All addresses will be …

  • Omni

    Jan 3, 2021 TJNull's List Windows Device Portal iot

    Introduction: Omni is probably named omni because there is too much going on with this machine, as you can see from the initial scans. There are a bunch of open ports and URLs discovered by scans that can lead you to rabbit holes. If you do a good recon, you will realize that you are dealing with “Windows Device …

  • Academy

    Jan 3, 2021 TJNull's List

    Introduction: Academy is a great machine with lots of rabbit holes and opportunities to learn. I spent a lot of time tinkering with this one and looked for a lot of hints for the priv-escalation. Recon NMAP scan
    # Nmap 7.91 scan initiated Sun Jan 3 09:00:32 2021 as: nmap -vv --reason -Pn -A --osscan-guess --version-all -p- …

  • Mirai

    Jan 3, 2021 TJNull's List pi-hole raspberry-pi

    Introduction: Recon
    nmap -sS -sC -sV -T4 -O -oN nmap.mirai.txt 10.10.10.48
    Starting Nmap 7.91 ( https://nmap.org ) at 2021-01-01 13:25 EST
    Nmap scan report for 10.10.10.48
    Host is up (0.015s latency).
    Not shown: 997 closed ports
    PORT STATE SERVICE VERSION
    22/tcp open ssh OpenSSH 6.7p1 Debian 5+deb8u3 (protocol …

  • Jerry

    Dec 31, 2020 TJNull's List Windows Tomcat

    Introduction: Jerry is a very easy machine where you can enumerate the Tomcat webserver and upload a webshell to exploit the box. Recon
    nmap -sS -sC -sV -T4 -O -oN nmap.jerry.txt 10.10.10.95
    Starting Nmap 7.91 ( https://nmap.org ) at 2020-12-31 15:22 EST
    Nmap scan report for 10.10.10.95
    Host is up (0.013s …

  • Grandpa

    Dec 31, 2020 TJNull's List Windows Metasploit

    Introduction: The “grandpa” is an easy Windows machine with a CVE exploit using Metasploit. Since the machine is very old, it's also vulnerable to many other exploits that you can choose from for the privilege escalation at the end. The key takeaways for me were: Based on the CVE you are exploiting, determine …

  • Beep

    Dec 23, 2020 TJNull's List

    Introduction: Recon
    # nmap -sS -sV -sC -T4 -O -oN nmap.beep.txt 10.10.10.7
    Starting Nmap 7.91 ( https://nmap.org ) at 2020-12-23 11:21 EST
    Nmap scan report for 10.10.10.7
    Host is up (0.014s latency).
    Not shown: 988 closed ports
    PORT STATE SERVICE VERSION
    22/tcp open ssh OpenSSH 4.3 (protocol 2.0)
    | ssh-hostkey: …

  • Devel

    Dec 23, 2020 TJNull's List Windows IIS Metasploit

    Introduction: This is a Windows machine running an IIS server and an FTP service, and it presents a few exploitable vulnerabilities. It's a very easy machine and I avoided using Metasploit to work on this machine as I want to avoid/limit the usage as much as possible keeping the OSCP in mind. Recon Nmap output
    Nmap scan report for …

  • Blue

    Dec 21, 2020 TJNull's List Metasploit Windows

    Introduction: Recon
    # nmap -sS -sV -sC -T4 -oN nmap.blue.txt 10.10.10.40
    Starting Nmap 7.91 ( https://nmap.org ) at 2020-12-21 20:24 EST
    Nmap scan report for 10.10.10.40
    Host is up (0.015s latency).
    Not shown: 991 closed ports
    PORT STATE SERVICE VERSION
    135/tcp open msrpc Microsoft Windows RPC
    139/tcp open …


wirem0nster

engineer, innovator, and a student for ever


Copyright © 2021 WIREM0NSTER'S INFOSEC LOG. All Rights Reserved