Pwned

It was the box where you have to have knowledge about using Nmap , dirb or nitko or gobuster ,ftp, ssh and metasploit .In this box we analyze the ftp connection using wireshark and got credentials and after that we gain access shell using ssh and exploit root permission using metasploit. Breaching Process  Finding IP Nmap Enumeration Nmap Deep scan Browsing HTTP service Enumerating directory ftp login Exploitation Generating ssh authorize key Gaining access to shell (ashoka) Reading chrootkit logs (using metasploit) Privilege Escalation chkrootkit Let's Breach  Using nmap we scan the network ip in our network nmap -sn  ip_range (use root permission to scan ) After sanning there are only five ip that was not hard for me to find we are using NAT in virtualbox after finding the ip we go for Enumeration (this is the phase where you have to see every single piece of information) Browsing the ip we get ...

Chill I got the admin panel and shell privelge was only apache though i got the knowledge of Sql-injection and i use Burpsuit Let's Breach Penetration Methodologies: Finding Ip NMAP Enumeration Browsing HTTP Service Directory Bruteforce using dirb Exploitation Sql-Injection  Reverse shell using NC I got the IP of Victim machine and it was 192.168.1.10 I use Nmap to scan what port are open and found that only 80 port was open using apache 2.4.16.I didn't found any serious exploit The OS was Fedora  I surf  the port 80 and found as online shopping page IDK i was right or wrong Then i go for directory bruteforcing using dirb as my favourite tool.However you can use gobuster also some recommended me highly because of it's feautures dirb -h http://192.168.1.10 and boom i got the admin.php directory that was quick and in source page of index.php i found terms.php where i can use it lat...

Penetration Methodologies: Finding IP Nmap Enumeration Browsing HTTP Service Directory Bruteforce using dirb Enumeration Using WPScan Password Bruteforce using WPScan Getting Login Credentials Exploitation Exploiting using Metasploit  Getting a reverse connection  Spawning a TTY Shell  Enumeration for Root Credentials Privilege Escalation  Getting Login Credentials Logging in as root Reading the Final Flag Let's Breach:     First of all finding IP for the machine i use bridge connection.The IP of machine was 192.168.1.5 I quickly nmap the website found 80 open Then i browse the server and found that apache default page and phpinfo() Nothing interesting then i bruteforce the directory you can use gobuster and nikto also While scan is complete i found a wordpress directory that leads me to an another website Then i quickly browse the http://192.168.1.5/wordpress then i found the page d...