
Hack Albania 2016 - 172.16.0.19:


1. nmap -F 172.16.0.19
Not shown: 98 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
8008/tcp open  http
MAC Address: 6C:71:D9:3A:7A:99 (AzureWave Technology)

2. Browse to http://172.16.0.19:8008 and inspect the web service.


Null-Byte Report
  1. Find the black box with arp-scan 172.16.0.0/16, add it to scope in Burp, run the Burp spider, and start scanning with nmap and nikto.
  2. nmap -p- -sV 172.16.0.13
Not shown: 65531 closed ports
PORT      STATE SERVICE VERSION
80/tcp    open  http    Apache httpd 2.4.10 ((Debian))
111/tcp   open  rpcbind 2-4 (RPC #100000)
777/tcp   open  ssh     OpenSSH 6.7p1 Debian 5 (protocol 2.0)
50927/tcp open  status  1 (RPC #100024)
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel

  • SSH is not on the default port 22; it listens on 777 instead, so connect with ssh -p 777.

  3. nikto -h 172.16.0.13
Server: Apache/2.4.10 (Debian)
+ No CGI Directories found (use '-C all' to force check all possible dirs)
+ ETag header found on server, fields: 0xc4 0x51c42a5c32a70
+ Allowed HTTP Methods: POST, OPTIONS, GET, HEAD
+ OSVDB-3233: /icons/README: Apache default file found.
+ /phpmyadmin/: phpMyAdmin directory found
+ 6456 items checked: 0 error(s) and 4 item(s) reported on remote host

  4. Run dirbuster to find more directories.
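The triage step between the nmap scan and nikto (spot which open port carries which service, note anything on a non-default port such as ssh on 777, and pick the next tool per service) can be scripted. The following is an added example, not code from the original notes: it parses nmap's normal output for the two scans above (both embedded as constructed sample input, the Null-Byte one with -sV and the Hack Albania one without), flags services that are off their canonical port, and emits the follow-up commands. The CANONICAL_PORT map and the ssh/rpcinfo follow-ups are this example's own assumptions; the notes themselves only run nikto and dirbuster next.

```python
import re
from typing import List, NamedTuple

# Two nmap outputs copied from the scans in these notes, embedded here as
# constructed sample input so the example runs offline.
NULL_BYTE_SCAN = """\
Not shown: 65531 closed ports
PORT      STATE SERVICE VERSION
80/tcp    open  http    Apache httpd 2.4.10 ((Debian))
111/tcp   open  rpcbind 2-4 (RPC #100000)
777/tcp   open  ssh     OpenSSH 6.7p1 Debian 5 (protocol 2.0)
50927/tcp open  status  1 (RPC #100024)
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
"""

HACK_ALBANIA_SCAN = """\
Not shown: 98 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
8008/tcp open  http
MAC Address: 6C:71:D9:3A:7A:99 (AzureWave Technology)
"""

# Assumed canonical port per service (this map is the example's own choice).
# A service found anywhere else gets a note in the report, like ssh on 777.
CANONICAL_PORT = {"ssh": 22, "http": 80, "https": 443, "rpcbind": 111}


class Port(NamedTuple):
    number: int
    proto: str
    state: str
    service: str
    version: str  # empty when the scan ran without -sV


# One "<port>/<proto> <state> <service> [version...]" row of nmap's port table.
PORT_ROW = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)\s*(.*)$")


def parse_nmap(text: str) -> List[Port]:
    """Pull the port table out of nmap's normal (human-readable) output."""
    ports = []
    for line in text.splitlines():
        m = PORT_ROW.match(line.strip())
        if m:
            ports.append(Port(int(m.group(1)), m.group(2), m.group(3),
                              m.group(4), m.group(5).strip()))
    return ports


def odd_ports(ports: List[Port]) -> List[Port]:
    """Open services that are not on their canonical port."""
    return [p for p in ports
            if p.state == "open"
            and p.service in CANONICAL_PORT
            and p.number != CANONICAL_PORT[p.service]]


def follow_ups(host: str, ports: List[Port]) -> List[str]:
    """Next command per open service, mirroring the notes' workflow for web
    ports (nikto); the ssh and rpcinfo lines are this example's additions."""
    cmds = []
    for p in ports:
        if p.state != "open":
            continue
        if p.service in ("http", "https"):
            cmds.append(f"nikto -h {host} -p {p.number}")
        elif p.service == "ssh":
            cmds.append(f"ssh -p {p.number} {host}")  # carries the odd port along
        elif p.service == "rpcbind":
            cmds.append(f"rpcinfo -p {host}")
    return cmds


def report(host: str, scan: str) -> str:
    """Short text summary: off-port services first, then the follow-up commands."""
    ports = parse_nmap(scan)
    lines = [f"{host}: {len(ports)} port(s) in table"]
    for p in odd_ports(ports):
        lines.append(f"  note: {p.service} on {p.number}/{p.proto} "
                     f"(default {CANONICAL_PORT[p.service]}) {p.version}".rstrip())
    lines.extend("  next: " + c for c in follow_ups(host, ports))
    return "\n".join(lines)


if __name__ == "__main__":
    print(report("172.16.0.13", NULL_BYTE_SCAN))
    print(report("172.16.0.19", HACK_ALBANIA_SCAN))
```

Feed it a real scan with `report(host, open("scan.nmap").read())` after `nmap -p- -sV -oN scan.nmap <host>`; the regex only reads the port table, so the banner, "Not shown" and "Service Info" lines are ignored. For the Null-Byte host it reports ssh on 777/tcp against the default 22; for the Hack Albania host it flags http on 8008, which is the port the notes go on to browse.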

Kioptrix Report:
  1. First, find the system on the LAN (nmap / arp-scan / wireshark): 172.16.0.23
  2. Look for vulnerabilities:
  • Nikto scan: nikto -h 172.16.0.23
    Server: Apache 2.2.21 (FreeBSD). Note the other details nikto reports as well: PHP version, OpenSSL version, allowed HTTP methods, port 80, etc.