Hack The Box (HTB) is an online platform that allows you to test your penetration testing skills. It contains several challenges that are constantly updated. Some of them simulate real world scenarios and some of them lean more towards a CTF style of challenge.

Note: Only write-ups of retired HTB machines are allowed.

Nibbles is an easy machine which focuses on guessing passwords and enumerating web applications.

In this tutorial, we will use the following tools to pawn the box:

Let's get started!

Step 1 – Do Some Reconnaissance

The first step before exploiting a machine is to do a little bit of scanning and reconnaissance. This is one of the most important parts as it will determine what you can try to exploit afterwards. It is always better to spend more time on this phase to get as much information as you can.

Nmap is a free and open source utility for network discovery and security auditing. It uses raw IP packets to determine what hosts are available on the network, what services those hosts are offering, what operating systems they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics. There are many commands you can use with this tool to scan the network. If you want to learn more about it, you can have a look at the documentation here.

I use the following command to perform an intensive scan:

nmap -A -v 10.129.151.27

-A: Enables OS detection, version detection, script scanning, and traceroute

If you find the results a little bit too overwhelming, you can try this:

nmap 10.129.151.27

Secure Shell (SSH), secure logins, file transfers (scp, sftp) and port forwarding

Here it's an Apache server (httpd 2.4.18).

Step 2 – Visit the Web Page

From the reconnaissance phase, I decide to start with port 80. And I get a page with a simple "Hello World" message at the top.

I look at the source code and see that there is a commented line:

I navigate to this folder and land on what looks like a blog page called "Nibbles Yum Yum". I can see at the bottom that the blog is powered by Nibbleblog. Nibbleblog is described as an easy, fast and free PHP blog system.

Having this new piece of information, I decide to run Gobuster. Gobuster is a directory scanner written in Go. Gobuster uses wordlists on the HTB Parrot box which are located in the /usr/share/wfuzz/wordlist/ directory. I'm using the "common.txt" wordlist, but you can download more wordlists from SecLists here.

I use this command for the dirb common.txt wordlist:

gobuster dir -u 10.129.151.27 -w /usr/share/wfuzz/wordlist/general/common.txt -x php,txt

There are a couple of great findings, including an /admin/ folder.
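
Seen from the web server's side, the Gobuster run in this write-up leaves a recognisable trace in the Apache access log: one client requesting each wordlist entry bare, then with .php and .txt, and mostly receiving 404s. The following Python is an added example, not part of the original write-up; the function names, thresholds and sample log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Apache common/combined log prefix: client IP, request path, status code.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?:GET|HEAD) (?P<path>\S+) [^"]*" (?P<status>\d{3}) ')

def detect_enumeration(lines, exts=("php", "txt"), min_requests=6,
                       min_404_ratio=0.6, min_swept=2):
    """Return {ip: evidence} for clients that behave like a directory scanner:
    many requests, mostly 404s, and the same word requested bare and with every
    extension in `exts`. Thresholds are illustrative assumptions."""
    wanted = set(exts) | {""}
    stats = defaultdict(lambda: {"total": 0, "404": 0,
                                 "stems": defaultdict(set), "hits": set()})
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # ignore lines that are not access-log entries
        s = stats[m["ip"]]
        path = m["path"].split("?", 1)[0]
        s["total"] += 1
        if m["status"] == "404":
            s["404"] += 1
        else:
            s["hits"].add(path)  # paths the scanner learned exist
        stem, dot, ext = path.rpartition(".")
        if dot and ext in exts:
            s["stems"][stem].add(ext)
        else:
            s["stems"][path].add("")
    findings = {}
    for ip, s in stats.items():
        swept = sorted(w for w, seen in s["stems"].items() if seen >= wanted)
        ratio = s["404"] / s["total"]
        if s["total"] >= min_requests and ratio >= min_404_ratio and len(swept) >= min_swept:
            findings[ip] = {"requests": s["total"], "ratio_404": round(ratio, 2),
                            "swept": swept, "found": sorted(s["hits"])}
    return findings

def sample_log():
    """Constructed sample: a scanner (198.51.100.7) and a normal visitor (203.0.113.9)."""
    fmt = '{ip} - - [10/Oct/2024:13:55:{n:02d} +0000] "GET {p} HTTP/1.1" {st} 512'
    exists = {"/admin": 301, "/index.php": 200}
    reqs = [("198.51.100.7", w + e) for w in ("/admin", "/index", "/backup", "/login")
            for e in ("", ".php", ".txt")]
    reqs += [("203.0.113.9", p) for p in ("/", "/index.php", "/favicon.ico")]
    return [fmt.format(ip=ip, n=n, p=p, st=exists.get(p, 404 if p != "/" else 200))
            for n, (ip, p) in enumerate(reqs)]
```

The "found" list in each finding is the set of paths that did not return 404, which tells the responder what the scanning client now knows about the site.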