CC-Pen Testing

Methodology:

Scanning/Reconnaissance

  • nmap → nmap -A 10.10.51.180

Enumeration

  • Gobuster/Dirbuster

Exploitation

  • Hashcat → hashcat --force -m 1800 <hash> /root/List/rockyou.txt --session sha512

Privilege Escalation

  • sudo -l

Capturing the flag

  • user.txt

  • root.txt


Walkthrough

NMAP

First, we run nmap against the IP. The result shows only 2 ports open (22 and 80).

nmap -A 10.10.51.180

Gobuster

Opening port 80 in a browser shows only the Apache page, so we need to brute-force directories. Dirb would work, but I prefer gobuster.

gobuster dir -u http://10.10.51.180/ -w /root/List/directory-list-2.3-medium.txt -t 80 -x .txt,.php,.html

The directory we found gives us a blank page. We brute-force again one level down, since /secret returns a 301, which means it is a directory.

gobuster dir -u http://10.10.51.180/secret/ -w /root/List/directory-list-2.3-medium.txt -t 80 -x .txt,.php,.html

Hashcat

What kind of hash is this? Check it with Hash Analyzer.

Next, after finding out the hash type, we need to find out the hash mode.

I suggest this website. Hash

hashcat --force -m 100 046385855FC9580393853D8E81F240B66FE9A7B8 /root/List/rockyou.txt --session SHA1
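
The identify-then-pick-a-mode step above can also be done offline. The following is an added example, not part of the original walkthrough: it maps a hash string to its candidate types and their hashcat -m values, and shows that length alone leaves more than one candidate. The function name identify and both tables are assumptions of this example.

```python
import re

# Raw hex digests: the length only narrows the type down, so every
# candidate is returned. Pairs are (algorithm, hashcat -m mode).
HEX_CANDIDATES = {
    32: [("MD5", 0), ("NTLM", 1000)],
    40: [("SHA1", 100), ("RIPEMD-160", 6000)],
    64: [("SHA2-256", 1400)],
    128: [("SHA2-512", 1700)],
}

# crypt(3)-style strings name their scheme in the "$id$" prefix,
# so these are unambiguous (and salted, unlike the raw digests above).
CRYPT_PREFIXES = {
    "1": ("md5crypt", 500),
    "5": ("sha256crypt", 7400),
    "6": ("sha512crypt", 1800),
    "2a": ("bcrypt", 3200),
    "2b": ("bcrypt", 3200),
    "2y": ("bcrypt", 3200),
}


def identify(hash_string):
    """Return a list of (algorithm, hashcat_mode) candidates, or []."""
    h = hash_string.strip()
    prefix = re.match(r"^\$([0-9a-z]+)\$", h)
    if prefix:
        hit = CRYPT_PREFIXES.get(prefix.group(1))
        return [hit] if hit else []
    # Hex digests are case-insensitive; anything else is not a raw digest.
    if re.fullmatch(r"[0-9a-fA-F]+", h):
        return list(HEX_CANDIDATES.get(len(h), []))
    return []


if __name__ == "__main__":
    # The hash from this walkthrough: 40 hex characters.
    for name, mode in identify("046385855FC9580393853D8E81F240B66FE9A7B8"):
        print(f"{name}: hashcat -m {mode}")
```
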

Privilege Escalation

ssh nyan@10.10.51.180
sudo -l

CONGRATULATIONS, we got the flag.

By AdaniKamal
