Pwned

DC-8 (Pretty interesting Box) This box is fun though as i suppose this was built to cover proof of concept(2FA).Which, is good for OSCP (told by some wise person) so, i decided to do this machine.You can download this from  DC-8 Breaching Process  Finding IP Nmap  Enumeration Browsing HTTP service Enumerating directory Got drupal (further enumerating version from change.log -> but dead end ) Exploitation sql injection got credentials (hash password) cracking password using john gaining reverse shell from contact form (executing php code in server sending mail) Privilege Escalation exploiting exim to get root permission (using proof of concept from exploit db) Let's breach; First of scanning network using namp.Found ip to be 192.168.234.135 while scanning again from nmap i surf in the browser and found out to be a drupal. so, the scan was completed and the result from nmap  There was not s...

Hack-Nos is another boot-to-root vulhub machine  Hack-Nos  .This box i believe is an intermediate box.The flag was important then gaining root and i got flag from two ways that was fun. Breaching Process  Finding IP Nmap Enumeration Browsing HTTP service Enumerating directory Got drupal (further enumerating version from change.log) Exploitation using metasploit got reverse shell Privilege Escalation Gaining wget root access to change the passwd file Let;s Breach : First IP discovery was important where i use nmap to scan the network  Use the root permission to scan for nmap the network. The ip was 192.168.1.16.Then i go for surfing and use dirb at background  so the page look like default apache There was not any juicy thing so i see the dirb scan and found there was a drupal  Then i go for the drupal page. I cannot login in as james i tried different combination of text got f...

This Box is from vulhub you can download it from  Link .  For this box you have to have knowledge of simple html,encoding an decoding (base64),nc(for reverse shell),find permission for root (privilege escalation). Breaching Process  Finding IP Nmap Enumeration Browsing HTTP service Enumerating directory Found robots.txt Exploitation Got base64  Decoded and got direcory nc revserse shell Privilege Escalation Gaining access to root using find  Let's Breach   Using nmap we scan the network ip in our network nmap -sn  ip_range  (use root permission to scan ) After scanning, the IP of machine was 192.168.43.4 after finding the ip we go for Enumeration (this is the phase where you have to see every single piece of information) I go for dirb scan and found robots.txt Then i got for robots.txt without consuming time and got base64 encoded text decoded it but got trolled. Sayin...