CC-Pen Testing

Methodology:

Scanning/Reconnaisance

• nmap → nmap -A 10.10.51.180

Enumeration

• Gobuster/Dirbuster

Exploitation

• Hashcat → hashcat --force -m 1800 /root/List/rockyou.txt --session sha512

Privilege Escalation

• sudo -l

Capturing the flag

• user.txt

• root.txt

---

Walkthrough

NMAP

First, we do nmap the IP. From the result there is only 2 port open. (22 & 80)

nmap -A 10.10.51.180

image

Gobuster

Open, port 80 on web, there is only page apache. Maybe we need to dirb. But, I prefer gobuster.

gobuster dir -u http://10.10.51.180/ -w /root/List/directory-list-2.3-medium.txt -t 80 -x .txt,.php,.html

Well, the directory that we found giving us a blank page. Dirb again as /secret is (301) which means a directory.

gobuster dir -u http://10.10.51.180/secret/ -w /root/List/directory-list-2.3-medium.txt -t 80 -x .txt,.php,.html

image

Hashcat

Well, what hash is this? Check it through Hash Analyzer

Next, after found out the hash type, we need to find out the hash mode.

I suggest this website. Hash

hashcat --force -m 100 046385855FC9580393853D8E81F240B66FE9A7B8 /root/List/rockyou.txt --session SHA1

image

Privilege Escalation

ssh nyan@10.10.51.180

image

sudo -l

image

image

CONGRATULATIONS, we got the flag.

By AdaniKamal