Hacking Articles,Ethical Hacking Training in Delhi,Metasploit Training. Hello friends! Today we are going to take another CTF channeling known as Analougepond which Based on our previous article “SSH pivoting”, if you are aware of ssh pivoting then you can easily breach this vm machine. The credit for making this vm machine goes to “Knightmare” and it is another boot to root machine where author has hide flag for attacker as the new challenge. Lets Breach!!! The target holds 1. Hacking Articles is a very interesting blog about information security, penetration testing and vulnerability assessment managed by Raj Chandel. In this blog it's. Some useful syntax reminders for SQL Injection into MySQL databases This post is part of a series of SQL Injection Cheat Sheets. In this series, I’ve endevoured. Skillset Labs walk you through infosec tutorials, step-by-step, with over 30 hands-on penetration testing labs available for FREE! FREE SQL Injection Labs SQL. In this article, we will introduce you to SQL Injection techniques and how you can protect web applications from such attacks. IP; now using nmap lets find out open ports. T - s. U 1. 92. 1. From give image you can check port 2. SSH, 6. 8 for DHCP and 1. SNMP are open in target network. Now let’s enumerate for SNMP enumeration using metasploit. This module allows enumeration of any devices with SNMP protocol support. It supports hardware, software, and network information. The default community used is “public” use auxiliary/scanner/snmp/snmp. It might be possible that the author knightmare wants to give some password clue through this poem. From given image you can read the highlighted text “the Rising Sun” which could be the password for SSH. Now let’s enumerate for SSH login using metasploit. This module will test ssh logins on a range of machines and report successful logins. If you have loaded a database plugin and connected to a database this module will record successful logins and hosts so you can track your access. If you will search in Google you will come to know that ubuntu 1. This module attempts to exploit two different CVEs related to overlayfs. CVE- 2. 01. 5- 1. Ubuntu specific - > 3. CVE- 2. 01. 5- 8. Ubuntu: 3. 1. 9. 0- 1. Fedora: < 4. 2. Red Hat: < 3. 1. It enables other modules to . Autoadd will search a session for valid subnets from the routing table and interface list then add routes to them. Default will add a default route so that all TCP/IP traffic not specified in the MSF routing table will be routed through the session when pivoting. This does not need administrative privileges on the source machine, which may be useful if pivoting. Now we replace the c executable file with our file that gives the root access to the system. The puppet file should execute this as root user and we will get the root shell to server. We then come back to the meterpreter shell and upload it to the current user eric. Desktop/spin. c. After upload it into the system we compile it and send it to the sandieshaw using ssh. Now we replace the spin file in the /etc/puppet/modules/wiggle/files/ with our spin file. The spin is replaced, now we have to wait for the puppet file to replace our spin file to that in /tmp/After waiting for some time we execute the spin file present in /tmp/ folder. Now we have the root shell, moving into the /root/protovision folder we found a flag that is hexadecimal format. After converting it we found a base. After reversing the string and decoding it we found that it was a link to a youtube video. Then we moved on to the other files jim and melvin didn’t had anything significant so we moved to the folder . I. There we found a folder . So we removed the permissions of the file using: chmod 6. After looking around we couldn’t find anything, so we went back into the root of 1. Here after looking through the files we found that 1. We found a file called barringsbank- passwd that held all the username and password of 1. So we added a new user ignite to this file by opening this file in vim. Linux uses md. 5 salt hashes as password so we create an md. Then we add our user to sudoers to gain root access. Then we give our new user permissions same as root. Then we connect to 1. Now we have to wait for some time for the puppet server to update the sudoers, so that our user can have root access. Then we go to root shell using sudo su. We move into the root folder and find an image file me. We then copy the image file to eric using ssh. Then we download the file from eric to our local system through metasploit. We go to our meterpreter shell and download the me. Desktop/We used to exiftool on this file and found nothing so we performed steganography using steghide. First we check if there is any file hidden behind this image using command: steghide –info me. The passphrase to this file is reticulatingsplines, I found it after various attempts. Performing steganography we found a file hidden text file. We extract the text file using steghide, we use the following command: steghide extract - sf me. It will again ask for an password i.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. Archives
October 2017
Categories |