CC-Pen Testing
Methodology:
Scanning/Reconnaissance
nmap → nmap -A 10.10.51.180
Enumeration
Gobuster/Dirbuster
Exploitation
Hashcat → hashcat --force -m 1800 <hashfile> /root/List/rockyou.txt --session sha512
Privilege Escalation
sudo -l
Capturing the flag
user.txt
root.txt
Walkthrough
NMAP
First, we run nmap against the IP. The result shows only 2 open ports (22 and 80).
nmap -A 10.10.51.180

Gobuster
Opening port 80 in a browser, there is only the Apache page. Maybe we need to dirb, but I prefer gobuster.
gobuster dir -u http://10.10.51.180/ -w /root/List/directory-list-2.3-medium.txt -t 80 -x .txt,.php,.html
Well, the directory that we found gives us a blank page. Scan again inside /secret, since it returned 301, which means it is a directory.
gobuster dir -u http://10.10.51.180/secret/ -w /root/List/directory-list-2.3-medium.txt -t 80 -x .txt,.php,.html
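Added example (not part of the original walkthrough): what the two gobuster runs above look like from the web server's side, and how to flag them in an Apache access log. The log lines, IP addresses, user agent string and thresholds are constructed sample values and assumptions, not data from this box.

```python
import re
from collections import defaultdict

# Apache "combined" log format: ip, timestamp, request path, status, user agent
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "\S+ (\S+) [^"]*" (\d{3}) \S+ "[^"]*" "([^"]*)"')

def build_sample():
    """Constructed Apache combined-format log lines (documentation IP ranges)."""
    lines = []
    for i, word in enumerate(["admin", "backup", "login", "secret", "test", "uploads"]):
        for ext in ["", ".txt", ".php", ".html"]:  # same extensions as -x above
            status = 301 if (word, ext) == ("secret", "") else 404
            lines.append(f'192.0.2.10 - - [01/Jan/2024:10:00:{i:02d} +0000] '
                         f'"GET /{word}{ext} HTTP/1.1" {status} 275 "-" "gobuster/3.6"')
    lines.append('198.51.100.7 - - [01/Jan/2024:10:00:03 +0000] "GET / HTTP/1.1" 200 10918 "-" "Mozilla/5.0"')
    lines.append('198.51.100.7 - - [01/Jan/2024:10:00:04 +0000] "GET /favicon.ico HTTP/1.1" 404 275 "-" "Mozilla/5.0"')
    return lines

def detect_dir_bruteforce(lines, min_requests=20, min_404_ratio=0.8):
    """Flag (client, minute) buckets with many requests that are mostly 404s.

    Thresholds are assumptions to tune per site. Each finding also lists the
    paths that did NOT return 404, i.e. what the scan actually discovered.
    The user agent is reported but not relied on, since a client can set any value.
    """
    buckets = defaultdict(lambda: {"total": 0, "not_found": 0, "hits": [], "agents": set()})
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # skip lines that are not in combined format
        ip, ts, path, status, agent = m.groups()
        b = buckets[(ip, ts[:17])]  # ts[:17] is "dd/Mon/yyyy:HH:MM"
        b["total"] += 1
        b["agents"].add(agent)
        if status == "404":
            b["not_found"] += 1
        else:
            b["hits"].append((path, int(status)))
    findings = []
    for (ip, minute), b in sorted(buckets.items()):
        if b["total"] >= min_requests and b["not_found"] / b["total"] >= min_404_ratio:
            findings.append({"client": ip, "minute": minute, "requests": b["total"],
                             "discovered": b["hits"], "agents": sorted(b["agents"])})
    return findings

if __name__ == "__main__":
    for finding in detect_dir_bruteforce(build_sample()):
        print(finding)
```

The "discovered" list tells a responder which paths the scan found (here the 301 on /secret), which is where to look next in the logs.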

Hashcat
Well, what hash is this? Check it with Hash Analyzer.
Next, after finding out the hash type, we need to find the matching hashcat hash mode.
I suggest this website. Hash
hashcat --force -m 100 046385855FC9580393853D8E81F240B66FE9A7B8 /root/List/rockyou.txt --session SHA1

Privilege Escalation
ssh nyan@10.10.51.180

sudo -l


CONGRATULATIONS, we got the flag.
By AdaniKamal