HTB Starting Point – Markup

$./ Open ports:
22/tcp open ssh OpenSSH for_Windows_8.1 (protocol 2.0)
80/tcp open http Apache httpd 2.4.41 ((Win64) OpenSSL/1.1.1c PHP/7.2.28)
443/tcp open ssl/http Apache httpd 2.4.41 ((Win64) OpenSSL/1.1.1c PHP/7.2.28)
$gobuster dir -u -w /usr/share/wordlists/dirb/common.txt
Apache service is running. Let’s try to access the site. Access to In the previous machine, we found credentials stored in an SQL dump. Let’s try to reuse them, to log into the application. The

HTB Starting Point – Included

$./ Open ports detected:
80/tcp open http Apache httpd 2.4.29 ((Ubuntu))
Access to: redirection to Use OWASP ZAP to scan this site: This machine is vulnerable to a File Inclusion Path Traversal attack. According to the application description: The Path Traversal attack technique allows an attacker access to files, directories, and commands that potentially reside outside the web document root directory. An attacker may manipulate a URL in such a

HTB Starting Point – Pathfinder

$./ Open ports detected: WinRM 2.0 (Microsoft Windows Remote Management) uses port 5985/tcp for HTTP and 5986/tcp for HTTPS by default. Using the credentials we obtained on a previous machine, sandra:Password1234!, we can attempt to enumerate Active Directory. We can achieve this using BloodHound. There is a Python BloodHound ingester, which can be found here. We can attempt to enumerate Active Directory: Try using old machine credentials… BloodHound is a single page

HTB Starting Point – Shield

$ ./ Port 80 is open (Microsoft IIS running). Let’s try to see what’s inside…
$ gobuster dir -u /usr/share/wordlists/dirb/common.txt
There is a WordPress instance. Access to: Following the last machine’s general rule (let’s try old credentials): admin/P@s5w0rd! will work fine. Access to the WordPress Control Panel. Let’s use a wp_admin_shell_upload Metasploit exploit to obtain a functional shell.
$ msfconsole
msf5 > use exploit/unix/webapp/wp_admin_shell_upload
What do we need to use this exploit?

HTB Starting Point – Vaccine

kali@kali:~/ctf-tools$ ./
Remember that we found an FTP user on the last machine. Try ftpuser / mc@F1l3ZilL4 and we’ll get access to this FTP.
kali@kali:~/ctf-tools$ ftp
ftp> dir
ftp> get
This file is password protected.
kali@kali:~/htb/vaccine$ sudo zip2john > hash
zip2john processes input ZIP files into a format to be used with John the Ripper.
kali@kali:~/htb/vaccine$ sudo john hash --fork=4 --wordlist="/opt/rockyou.txt"
Different files are found inside the zip file. Open

HTB Starting Point – Oopsie

ruben@kali:~/htb/oopsie$ sudo nmap -T4 -p- -A
We have port 80 open with Apache.
ruben@kali:~/htb/oopsie$ sudo nikto -h
According to this result, we have a login site: /cdn-cgi/login/
ruben@kali:~/htb/oopsie$ gobuster dir -u -w /usr/share/wordlists/dirb/common.txt -e
There is an upload directory. Access to: Test credentials from the last machine: admin/MEGACORP_4dm1n!! The upload section is restricted to super admin. From the accounts section using BurpSuite: We have a cookie with

(Solution) Could not apply stored configuration to monitors error

I received this annoying message every time I logged in to my Linux distro. After a small search with Google I found this solution:
cd .config
mv monitors.xml monitors.xml.old
exit
Restart and you won’t see that message again.

(Solution) Add a new directory to home path in Linux

To add a new directory to your home path you just have to append the new directory to the PATH:
$ vim .bashrc
In the last line of the file just add this:
export PATH=$PATH:/home/username/newDirectory/
Finally, restart your terminal.

BurpSuite: FoxyProxy and Burp CA cert installation

This post will guide you through installing the FoxyProxy plugin and the Burp CA cert on a Kali machine.
Install FoxyProxy
FoxyProxy setup
Run BurpSuite
Access the localhost:8080 site and download the CA cert.
Install the certificate
Test

Mindmap: (Tele)work and Productivity