
  • HTB - WriteUps

About this blog

This blog contains the writeups that survived from the old site. Unfortunately, quite a few of them have been lost for good, but it is what it is.

You can use them to practice and learn.

Entries in this blog

Valentine

# Enumeration
### NMAP
PORT    STATE SERVICE  VERSION
22/tcp  open  ssh      OpenSSH 5.9p1 Debian 5ubuntu1.10 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey:
|   1024 96:4c:51:42:3c:ba:22:49:20:4d:3e:ec:90:cc:fd:0e (DSA)
|   2048 46:bf:1f:cc:92:4f:1d:a0:42:b3:d2:16:a8:58:31:33 (RSA)
|_  256 e6:2b:25:19:cb:7e:54:cb:0a:b9:ac:16:98:c6:7d:a9 (ECDSA)
80/tcp  open  http     Apache httpd 2.2.22 ((Ubuntu))
|_http-server-header: Apache/2.2.22 (Ubuntu)
|_http-title: Site doesnt have a title (text/htm

h3xu

h3xu in hackthebox

Sunday

# Enumeration Stage
### NMAP
There is a firewall that is filtering our requests. To bypass it I have run the script with the -sS and -A tags.
1. sS (TCP SYN scan)
   SYN scan is the default and most popular scan option for good reasons. It can be performed quickly, also relatively unobtrusive and stealthy since it never completes TCP connections. SYN scan works connection. You send a SYN packet, as if you are going to open a real connection and then

h3xu

h3xu in hackthebox

Spectra

# Enumeration
## Service Scan
port 80, 20, 3306
# nmap -sC -sV --script=vuln -p-65535 spectra.htb
Starting Nmap 7.91 ( https://nmap.org ) at 2021-06-09 02:45 EDT
Stats: 0:00:51 elapsed; 0 hosts completed (1 up), 1 undergoing Script Scan
NSE Timing: About 94.15% done; ETC: 02:46 (0:00:01 remaining)
Stats: 0:03:06 elapsed; 0 hosts completed (1 up), 1 undergoing Script Scan
NSE Timing: About 99.75% done; ETC: 02:48 (0:00:00 remaining)
Stats: 0:03:40 elapsed; 0 hosts completed (1 up), 1 under

h3xu

h3xu in hackthebox

SolidState

# ENUMERATION
## NMAP
The scan returned multiple interesting services
# nmap -p- -sV -sC -o solidstate.txt --script vuln 10.10.10.51
Starting Nmap 7.91 ( https://nmap.org ) at 2021-04-15 05:47 EDT
Nmap scan report for 10.10.10.51
Host is up (0.050s latency).
Not shown: 65529 closed ports
PORT     STATE SERVICE     VERSION
22/tcp   open  ssh         OpenSSH 7.4p1 Debian 10+deb9u1 (protocol 2.0)
25/tcp   open  smtp        JAMES smtpd 2.3.2
| smtp-vuln-cve2010-4344:
|_  The SMTP serve

h3xu

h3xu in hackthebox

Shocker

# Nmap
nmap shows port 80 open
nmap -sC -sV -p-65535 --script vuln 10.10.10.56
PORT     STATE SERVICE VERSION
80/tcp   open  http    Apache httpd 2.4.18 ((Ubuntu))
|_http-csrf: Couldn't find any CSRF vulnerabilities.
|_http-dombased-xss: Couldn't find any DOM based XSS.
|_http-server-header: Apache/2.4.18 (Ubuntu)
| http-slowloris-check:
|   VULNERABLE:
|   Slowloris DOS attack
|     State: LIKELY VULNERABLE
|     IDs:  CVE:CVE-2007-6750
|       Slowloris tries to keep many connections to

h3xu

h3xu in hackthebox

Secret

# Enumeration
#### Nmap
3 ports, 2 of which are HTTP services that we have to check in our browser.
PORT     STATE SERVICE VERSION
22/tcp   open  ssh     OpenSSH 8.2p1 Ubuntu 4ubuntu0.3 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey:
|   3072 97:af:61:44:10:89:b9:53:f0:80:3f:d7:19:b1:e2:9c (RSA)
|   256 95:ed:65:8d:cd:08:2b:55:dd:17:51:31:1e:3e:18:12 (ECDSA)
|_  256 33:7b:c1:71:d3:33:0f:92:4e:83:5a:1f:52:02:93:5e (ED25519)
80/tcp   open  http    nginx 1.18.0 (Ubuntu)
|_http-title: DUMB Docs
|

h3xu

h3xu in hackthebox

Ransom

# Enumeration
#### nmap
PORT   STATE SERVICE VERSION
22/tcp open  ssh     OpenSSH 8.2p1 Ubuntu 4ubuntu0.4 (Ubuntu Linux; protocol 2.0)

h3xu

h3xu in hackthebox

Previse

# Enumeration
#### NMAP
PORT   STATE SERVICE VERSION
22/tcp open  ssh     OpenSSH 7.6p1 Ubuntu 4ubuntu0.3 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey:
|   2048 53:ed:44:40:11:6e:8b:da:69:85:79:c0:81:f2:3a:12 (RSA)
|   256 bc:54:20:ac:17:23:bb:50:20:f4:e1:6e:62:0f:01:b5 (ECDSA)
|_  256 33:c1:89:ea:59:73:b1:78:84:38:a4:21:10:0c:91:d8 (ED25519)
80/tcp open  http    Apache httpd 2.4.29 ((Ubuntu))
|_http-favicon: Unknown favicon MD5: B21DD667DF8D81CAE6DD1374DD548004
| http-title: Previse Login
|

h3xu

h3xu in hackthebox

Oopsie

# Enumeration
#### nmap
# nmap -sV -sC -p- -T4 -oA oopsie opsie.htb
Starting Nmap 7.91 ( https://nmap.org ) at 2021-09-15 06:18 EDT
Stats: 0:00:10 elapsed; 0 hosts completed (1 up), 1 undergoing SYN Stealth Scan
SYN Stealth Scan Timing: About 42.25% done; ETC: 06:19 (0:00:12 remaining)
Nmap scan report for opsie.htb (10.10.10.28)
Host is up (0.17s latency).
Not shown: 65533 closed ports
PORT   STATE SERVICE VERSION
22/t

h3xu

h3xu in hackthebox

Nibbles

# Enumeration
## NMAP
The nmap scan reveals 2 open ports:
PORT   STATE SERVICE VERSION
22/tcp open  ssh     OpenSSH 7.2p2 Ubuntu 4ubuntu2.2 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey:
|   2048 c4:f8:ad:e8:f8:04:77:de:cf:15:0d:63:0a:18:7e:49 (RSA)
|   256 22:8f:b1:97:bf:0f:17:08:fc:7e:2c:8f:e9:77:3a:48 (ECDSA)
|_  256 e6:ac:27:a3:b5:a9:f1:12:3c:34:a5:5d:5b:eb:3d:e9 (ED25519)
80/tcp open  http    Apache httpd 2.4.18 ((Ubuntu))
| http-methods:
|_  Supported Methods: GET HEAD POST OPTIONS
|

h3xu

h3xu in hackthebox

Knife

# Enumeration
## nmap
# nmap -p- -A -v 10.10.10.242 -oA knife
<deleted>
PORT   STATE SERVICE VERSION
22/tcp open  ssh     OpenSSH 8.2p1 Ubuntu 4ubuntu0.2 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey:
|   3072 be:54:9c:a3:67:c3:15:c3:64:71:7f:6a:53:4a:4c:21 (RSA)
|   256 bf:8a:3f:d4:06:e9:2e:87:4e:c9:7e:ab:22:0e:c0:ee (ECDSA)
|_  256 1a:de:a1:cc:37:ce:53:bb:1b:fb:2b:0b:ad:b3:f6:84 (ED25519)
80/tcp open  http    Apache httpd 2.4.41 ((Ubuntu))
| http-methods:
|_  Supported Methods: G

h3xu

h3xu in hackthebox

CronOS

# Enumeration
The enumeration results show 3 open ports:
PORT   STATE SERVICE VERSION
22/tcp open  ssh     OpenSSH 7.2p2 Ubuntu 4ubuntu2.1 (Ubuntu Linux; protocol 2.0)
53/tcp open  domain  ISC BIND 9.10.3-P4 (Ubuntu Linux)
80/tcp open  http    Apache httpd 2.4.18 ((Ubuntu))
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
So, we are dealing with an Ubuntu machine that is hosting a web app. Port 53 is also open, with an ISC BIND service running. Let's research it a little more.

h3xu

h3xu in hackthebox

Bounty

# Enumeration
#### nmap
We've found two open ports: 22, 80.
# nmap -p- -sV -sC -oA bounty 10.10.11.100
Starting Nmap 7.91 ( https://nmap.org ) at 2021-08-04 05:02 EDT
Nmap scan report for 10.10.11.100
Host is up (0.049s latency).
Not shown: 65533 closed ports
PORT   STATE SERVICE VERSION
22/tcp open  ssh     OpenSSH 8.2p1 Ubuntu 4ubuntu0.2 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey:
|   3072 d4:4c:f5:79:9a:79:a3:b0:f1:66:25:52:c9:53:1f:e1 (RSA)
|   256 a2:1e:67:61:8d:2f:7a:37:a7:ba:3b:

h3xu

h3xu in hackthebox

Beep

# Enumeration
The nmap scan enumerated 16 open ports running a variety of services.
Nmap scan report for 10.10.10.7
Host is up (0.049s latency).
Not shown: 65519 closed ports
PORT      STATE SERVICE    VERSION
22/tcp    open  ssh        OpenSSH 4.3 (protocol 2.0)
| ssh-hostkey:
|   1024 ad:ee:5a:bb:69:37:fb:27:af:b8:30:72:a0:f9:6f:53 (DSA)
|_  2048 bc:c6:73:59:13:a1:8a:4b:55:07:50:f6:65:1d:6d:0d (RSA)
25/tcp    open  smtp       Postfix smtpd
|_smtp-commands: beep.localdomain, PIPELINI

h3xu

h3xu in hackthebox

Bashed

# Enumeration
## NMAP
We have an open port at 80, running Apache 2.4.18 (UBUNTU).
# nmap -A 10.10.10.68
Starting Nmap 7.91 ( https://nmap.org ) at 2021-04-08 03:14 EDT
Nmap scan report for 10.10.10.68
Host is up (0.050s latency).
Not shown: 999 closed ports
PORT   STATE SERVICE VERSION
80/tcp open  http    Apache httpd 2.4.18 ((Ubuntu))
|_http-server-header: Apache/2.4.18 (Ubuntu)
|_http-title: Arrexel's Development Site
No exact OS matches for host (If

h3xu

h3xu in hackthebox

Bank

# Enumeration
### NMAP
The nmap scan reveals ports 53, 80 and 22 open, so we can assume that there is an HTTP web application plus DNS and SSH services. Let's enumerate the DNS and check out the findings in our browser.
Host is up (0.047s latency).
Not shown: 65532 closed ports
PORT   STATE SERVICE VERSION
22/tcp open  ssh     OpenSSH 6.6.1p1 Ubuntu 2ubuntu2.8 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey:
|   1024 08:ee:d0:30:d5:45:e4:59:db:4d:54:a8:dc:5c:ef:15 (DSA)
|   2048 b8:e0:15:48:2d

h3xu

h3xu in hackthebox

Armageddon

Enumeration
Service Scan
The service scan reveals two open ports. A web application is running and has interesting directories to check. Additionally, we see Drupal 7 running, which gives us somewhat of a direction.
# nmap -sC -sV -p-65535 armageddon
Starting Nmap 7.91 ( https://nmap.org ) at 2021-06-08 04:58 EDT
Nmap scan report for armageddon (10.10.10.233)
Host is up (0.050s latency).
Not shown: 65533 closed p

h3xu

h3xu in hackthebox
