
Black Box 1

The document summarizes the steps taken to hack into multiple machines on a network. First, nmap was used to scan the network and find live hosts. Several machines were found with open ports like SSH, web servers, and SQL. Credentials found on one machine through directory bruteforcing and default logins allowed access to another machine containing a password and SQL credentials. An SQL exploit was used to gain a session on a third machine containing another flag. An SSH key file on that machine actually contained SSH credentials to log into a fourth and final machine containing the last flag.

First, I scanned the network and got live hosts.

The first IP is my machine, the rest are other active hosts in the network. Let's do an nmap scan on each of them.

The first one has an ssh port, and two ports running web pages.

The second one has just one port open hosting a website.

The third one only has an ssh port open.

The 4th one has file sharing ports and an sql server open.

Let's start with the first one. Upon visiting the webpage, we see a default apache page.

When we go to the admin panel of Apache under /manager, we are asked for credentials. I tried the default creds tomcat:s3cret and I was able to log in.

Now we can see that there is a portal to upload a war file.
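
A defensive counterpart to the default-credential login above, as an added example that is not part of the original write-up: a Python audit of a Tomcat tomcat-users.xml that flags accounts able to reach /manager with the tomcat:s3cret pair, a password equal to the username, or a short password. The role names are Tomcat's standard manager and host-manager roles; the 12-character threshold and the sample file are assumptions constructed for the example.

```python
import xml.etree.ElementTree as ET

# Roles that expose the Tomcat Manager / Host Manager applications.
PRIVILEGED_ROLES = {"manager-gui", "manager-script", "manager-jmx",
                    "manager-status", "admin-gui", "admin-script"}

# Pair used in this write-up; extend with your own list of known defaults.
KNOWN_DEFAULTS = {("tomcat", "s3cret")}

MIN_LENGTH = 12  # assumed policy threshold for privileged accounts


def _local(tag):
    """Strip an XML namespace prefix such as '{http://tomcat.apache.org/xml}'."""
    return tag.rsplit("}", 1)[-1]


def audit_tomcat_users(xml_text):
    """Return a sorted list of (username, reason) findings for privileged users."""
    findings = []
    for elem in ET.fromstring(xml_text).iter():
        if _local(elem.tag) != "user":
            continue
        # Tomcat accepts username= and the older name= attribute.
        user = elem.get("username") or elem.get("name") or ""
        password = elem.get("password", "")
        roles = {r.strip() for r in elem.get("roles", "").split(",") if r.strip()}
        if not roles & PRIVILEGED_ROLES:
            continue  # account cannot reach /manager or /host-manager
        if (user, password) in KNOWN_DEFAULTS:
            findings.append((user, "known default credential pair"))
        elif password == user:
            findings.append((user, "password equals username"))
        elif len(password) < MIN_LENGTH:
            findings.append((user, "short password on privileged account"))
    return sorted(findings)


# Constructed sample file, not taken from any machine in the write-up.
SAMPLE = """<tomcat-users xmlns="http://tomcat.apache.org/xml" version="1.0">
  <role rolename="manager-gui"/>
  <user username="tomcat" password="s3cret" roles="manager-gui,manager-script"/>
  <user username="deploy" password="deploy" roles="manager-script"/>
  <user username="viewer" password="s3cret" roles="tomcat"/>
  <user username="ops" password="Xk4-constructed-long-value" roles="admin-gui"/>
</tomcat-users>"""

if __name__ == "__main__":
    for user, reason in audit_tomcat_users(SAMPLE):
        print(f"{user}: {reason}")
```
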

I searched on google and got an msf code to generate a war payload.

I created and uploaded the payload.

Then, I started a netcat listener and ran the file.

I got a session, and found the flag in the desktop of user adminels.

Now moving on to the second machine, we are greeted with a 404 page.

I did some directory bruteforcing using dirbuster and found a project directory.

It asked for credentials when trying to access it, but it also gave us a hint “admin”. So I tried username and password as admin and I got in.

Now, since we have credentials we can use dirb to brute force with credentials.

Eventually, I found an interesting directory under project/backup/test

One of the files had the location of the flag and also some sql credentials.

We got the flag.

When we did nmap at the start, our last machine on 172.16.64.199 had a port running an sql server. So, I checked and found it was ms-sql. I searched for an exploit using msfconsole for mssql.

Got a payload. I set all the relevant options, including the credentials we found on the previous machine.

I ran the exploit command.

Sure enough, I got a meterpreter session.

I explored a bit and found the flag in user adminELS's desktop.

There was also a file which looked like an ssh public key, so I downloaded it onto my machine.

This could be what we need to login to the final machine. Since we don't have a username, I tried viewing the key file.

I found that this is not a key file after all, but it has ssh credentials. So I tried logging in with them.

I found the flag too.
