Enumeration
Let’s start with NMAP scan.
- SSH [22]
OpenSSH 7.6p1 Ubuntu 4ubuntu0.3 (Ubuntu Linux; protocol 2.0)
No possible Exploit for this.
- HTTP [80]
This is super friendly box intended for Beginner’s
Enumeration
Services,
- SSH
- DNS
- POP3 / IMAP
- HTTP
Steps to hack
- get the hint on the apache default page.
- enumerate users using wpscan on the wordpress site.
- brute-froce the login to find the password.
- Login and upload the reverse-shell.
- once inside, look around the home dir.
- Find the root pwd and become root
- Level: Beginner-Intermediate
- flags: user.txt and root.txt
- Description: The machine is VirtualBox as well as VMWare compatible. The DHCP will assign an IP automatically. You’ll see the IP right on the login screen. You have to find and read two flags (user and root) which is present in user.txt and root.txt respectively.
- Format: Virtual Machine (Virtualbox — OVA)
- Operating System: Linux
Enumeration
Sar is an OSCP-Like VM with the intent of gaining experience in the world of penetration testing.
Enumeration
The purpose of this machine is to grant OSCP students further develop, strengthen, and practice their methodology for the exam.
This works better with VirtualBox rather than VMware
Enumeration
- Name: symfonos: 4
- Difficulty: Intermediate
- Tested: VirtualBox
- DHCP Enabled
OSCP-like Intermediate real life based machine designed to teach people the importance of trying harder.
This works better with VirtualBox rather than VMware.
Steps
- Port scanning with NMAP
- Gobuster on port 80 gives up some dirs and files.
- Use SQLi to bypass…
OSCP-like Intermediate real life based machine designed to teach the importance of understanding a vulnerability. SHOULD work for both VMware and Virtualbox.
Enumeration
we have ports:
- 21
- 22
- 80
- 139/445
let’s enumerate 139/445,
