Try Hack Me - ccpentesting
Pentesting Crash Course
This write-up documents the “final exam” machine presented as the last task in the room.
VMs can sometimes take a minute or two to come up. We can monitor the state of the box with ping.
nmap -A -T4 --open --top-ports 1000 -sV -oN nmap.out 10.10.125.198
Looks like ssh and Apache.
GoBuster has shown us there is a /secret page we can visit, but when we navigate there in Chrome the body is empty. We can tell at the very least that secret is a directory, so let's run GoBuster against it again.
Hmm, nothing. Let's check for files with
Read the contents of secret.txt with a browser or cURL, and use the credentials to connect to ssh.
Run the hash through hashid to see what kind of hash it is. Use the -m flag to see the corresponding hashcat mode.
hashid thinks it is most likely a SHA1 hash. Crack the hash with hashcat using the mode provided by hashid.
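Why the result is only "most likely": a bare hex digest carries no algorithm label, so identification rests on its length and character set. The Python sketch below is an added example, not part of the original write-up and not hashid's own code; the function names and the sample digest are constructed for illustration, and the mode numbers are hashcat's standard ones for raw unsalted digests.

```python
import hashlib
import re

# Hex digest length -> [(hashlib name, hashcat mode for the raw unsalted form)].
CANDIDATES = {
    32: [("md5", 0)],
    40: [("sha1", 100), ("ripemd160", 6000)],
    56: [("sha224", 1300)],
    64: [("sha256", 1400)],
    96: [("sha384", 10800)],
    128: [("sha512", 1700)],
}

HEX_RE = re.compile(r"[0-9a-f]+")


def identify(digest):
    """Return candidate (algorithm, hashcat mode) pairs for a hex digest."""
    digest = digest.strip().lower()
    if not HEX_RE.fullmatch(digest):
        return []  # salted/encoded formats ($2b$..., base64) are out of scope
    return list(CANDIDATES.get(len(digest), []))


def confirm(digest, known_plaintext):
    """Narrow the candidates using a plaintext you already know, e.g. a test
    account's password on a system you administer."""
    digest = digest.strip().lower()
    matches = []
    for name, _mode in identify(digest):
        try:
            h = hashlib.new(name)
        except ValueError:
            continue  # e.g. ripemd160 missing from this OpenSSL build
        h.update(known_plaintext.encode())
        if h.hexdigest() == digest:
            matches.append(name)
    return matches


# Constructed sample: SHA-1 of a made-up password, not the hash from the room.
SAMPLE = hashlib.sha1(b"constructed-password").hexdigest()

if __name__ == "__main__":
    print(identify(SAMPLE))  # two candidates share the 40-character length
    print(confirm(SAMPLE, "constructed-password"))
```

A 40-character unsalted digest also tells you the credential was stored with a fast hash; salted, deliberately slow schemes such as bcrypt or Argon2 are the corrected storage.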
Connect with the cracked credentials and you’ll find the user flag in nyan’s home directory.
Check the user's sudo privileges.
You should know what to do from here…