
Posts

TryHackMe - Blue Writeup

RECONNAISSANCE From a reconnaissance point of view there isn't much to do except noting down the IP address of the machine. You can also download this room as a virtual disk file and run it on an instance of VirtualBox or VMware. Another thing to be mindful of is that the machine takes some time to boot, so try pinging it before moving on to an nmap scan. SCANNING AND ENUMERATION I went ahead with an aggressive scan while also utilizing nmap's scripting engine to fire up the scripts in the vuln category. The command was nmap -n -Pn -T5 -A --script=vuln <IP_Address>, wherein the arguments are -n: to turn off DNS resolution; -Pn: to not ping the IP address and directly go ahead with scanning it, as I knew it was alive; -T5: to increase the timing speed to maximum; -A: to perform an aggressive scan, which is a combination of custom scripts, OS fingerprinting and service detection of the ports; --script=vuln: this is a group of nmap scripts which are used to scan t

HackTheBox - Vaccine Writeup

HackTheBox - Vaccine Writeup Reconnaissance The recon part has little to offer other than providing us with the IP address of the machine, which in my case was 10.129.225.240. Scanning & Enumeration The next step is to scan the given IP address for open ports and the services running on them. For this we can go with an aggressive scan. The command used is nmap -n -Pn -T5 -A 10.129.225.240, where -n is used to switch off DNS lookup; -Pn is used to treat the system as online; -T5 is used to increase the timing to insane for a quicker scan; -A is used for an aggressive scan. Another scan we can do here uses the NSE scripts in the vuln category; however, in this case it turned out not to be useful. The command for that would be nmap -n -Pn -T5 --script=vuln 10.129.225.240. This result shows us that the machine has 3 open ports, namely 21 (ftp), 22 (ssh) and 80 (http). One thing to note here is that the ftp server can be logged into with anonymous credentials and backup.zip c

Wifi Hacking

How to hack WiFi passwords (using Aircrack-ng, Reaver and Wifite) If you've ever stumbled upon the question of how to hack WiFi passwords, then in this post I'll be explaining to you several tools to achieve the same. Before starting I'd like to request you to only perform the following steps in a testing environment or on networks that you're authorised to do this on. I'll be skipping the basic steps such as choosing the right adaptor to perform these steps, along with installing Linux and the tools on it. Also, I'll be explaining in a quick and concise manner, thus the video could be vital to your understanding. Also, some of these attacks are brute force, thus could take anywhere from a minute to several days to crack a password. Keep this in mind before starting with these methods. With this out of the way, let's begin this journey. Using Aircrack-ng NOTE: The prerequisite condition for this attack to work is that the target wifi network must have at lea

TryHackMe - Vulnversity

TryHackMe - Vulnversity 1. Task 1 can be completed by downloading the VPN file provided by TryHackMe and running openvpn on it with the given command: sudo openvpn <filename> Task 2 - Begins 2. The next step is to scan the network. I performed an aggressive scan using nmap, and since it would be too slow I sped it up using timing 4. 3. This gave us the number of open ports as 6, which will be used in our task 2. It also gave us the version of the squid proxy running, which is 3.5.12. 4. The next question's answer is 400. Let me explain why. -p is used to provide the port/s to scan. This can be provided as a number, some comma-separated numbers or a range. -p-400 is the same as -p 1-400. This shows that ports 1 through 400 would be scanned. 5. The next answer is DNS. This can be seen in the man page of nmap. Open it using the command man nmap. Then press forward slash (/) to search. Then type -n and press enter. Remember this trick to search for something in man pages. 6. This mac

TryHackMe - Mr Robot

TryHackMe - Mr Robot 1. The first step, as always, is an nmap scan. So we have the http, https and ssh ports open. 2. Then I took a look at the robots file using curl. This can also be done in a browser. Here I found our first key and also a dictionary file. I used curl to display the key and downloaded the dictionary file using wget. Key is 073403c8a58a1f80d943455fb30724b9 3. I also started dirbuster at the beginning, the moment I knew port 80 was open, and found a login page within. 4. Now an interesting thing about a WordPress login page is that it tells you separately whether your username was correct or not. 5. I used Burp Suite to brute force the login form using the given dictionary file. I captured the request and then sent it to Intruder. Here I used a cluster bomb attack on the username and password positions. However, I recommend using hydra unless you have the pro version of Burp Suite. 6. A different length value suggests an anomaly. Thus I tried the corresponding values to it with usernam