# CC-Pen Testing
## Methodology:
**Scanning/Reconnaisance**
* nmap → nmap -A 10.10.51.180
**Enumeration**
* Gobuster/Dirbuster
**Exploitation**
* Hashcat → hashcat --force -m 1800 /root/List/rockyou.txt --session sha512
**Privilege Escalation**
* sudo -l
**Capturing the flag**
* user.txt
* root.txt
***
## Walkthrough
### NMAP
First, we do nmap the IP. From the result there is only 2 port open. (22 & 80)
```
nmap -A 10.10.51.180
```
### Gobuster
Open, port 80 on web, there is only page apache. Maybe we need to dirb. But, I prefer gobuster.
```
gobuster dir -u http://10.10.51.180/ -w /root/List/directory-list-2.3-medium.txt -t 80 -x .txt,.php,.html
```
Well, the directory that we found giving us a blank page. Dirb again as /secret is (301) which means a directory.
```
gobuster dir -u http://10.10.51.180/secret/ -w /root/List/directory-list-2.3-medium.txt -t 80 -x .txt,.php,.html
```
### Hashcat
Well, what hash is this? Check it through [Hash Analyzer](https://www.tunnelsup.com/hash-analyzer/)
Next, after found out the hash type, we need to find out the hash mode.
I suggest this website. [Hash](https://hashcat.net/wiki/doku.php?id=example_hashes)
```
hashcat --force -m 100 046385855FC9580393853D8E81F240B66FE9A7B8 /root/List/rockyou.txt --session SHA1
```
### Privilege Escalation
```
ssh nyan@10.10.51.180
```
```
sudo -l
```
**CONGRATULATIONS**, we got the flag.
*By AdaniKamal*