CC Pentesting Final Exam

The first step is to scan the target.

For scanning, I'm using nmap.

Use: nmap -sC -sV <machine-ip>

The nmap scan shows 3 open ports. Port 80 is running HTTP.

The second step is enumeration.

Port 80 seems interesting, so I will use nikto to find something to look into.

Use: nikto -h <machine-ip>

Let's enumerate further.

Find the hidden directories of that website under the /secret/ directory.

gobuster dir -u http://10.10.144.184/secret/ -w /usr/share/wordlists/dirb/common.txt -x sh,txt,php

Checking the .txt file found there gives us the password hash.

You can crack this hash in several ways, e.g. hashcat, John the Ripper, or CrackStation.

After this we can log in through SSH.

ssh nyan@<machine-ip>

Now check for permissions.

No password is required. Simply type sudo su to switch to root.
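
The passwordless switch to root above is the kind of sudoers rule an administrator should catch in an audit. The script below is an added example, not part of the original write-up: it flags NOPASSWD rules in sudoers files, and the sample rule for nyan is a constructed assumption about how the lab machine was configured.

```bash
#!/usr/bin/env bash
# Added example (not from the original write-up): audit sudoers files for
# rules that let an account run commands as root without a password.

# audit_sudoers FILE...
# Prints "file:line: [severity] user -> commands" for each NOPASSWD rule.
# Returns 1 if any rule grants NOPASSWD on ALL commands, otherwise 0.
# Limitation: rules continued across lines with a backslash are not joined.
audit_sudoers() {
    awk '
        # Skip comments, blank lines and Defaults settings.
        /^[ \t]*#/ || /^[ \t]*$/ || /^[ \t]*Defaults/ { next }
        /NOPASSWD[ \t]*:/ {
            who = $1
            cmds = $0
            sub(/.*NOPASSWD[ \t]*:[ \t]*/, "", cmds)   # keep the command list
            sub(/[ \t]+$/, "", cmds)
            sev = "review"
            n = split(cmds, parts, /[ \t]*,[ \t]*/)
            # ALL in the command list means an unrestricted root shell.
            for (i = 1; i <= n; i++) if (parts[i] == "ALL") sev = "CRITICAL"
            printf "%s:%d: [%s] %s -> %s\n", FILENAME, FNR, sev, who, cmds
            if (sev == "CRITICAL") bad = 1
        }
        END { exit (bad ? 1 : 0) }
    ' "$@"
}

# Constructed sample input: the rule for nyan is an assumption about the
# lab machine, not output shown in the write-up.
sample=$(mktemp)
cat > "$sample" <<'EOF'
Defaults env_reset
root   ALL=(ALL:ALL) ALL
nyan   ALL=(ALL) NOPASSWD: ALL
backup ALL=(root) NOPASSWD: /usr/bin/rsync, /bin/tar
EOF
audit_sudoers "$sample" || echo "passwordless root rule present"
rm -f "$sample"
```

To fix a flagged rule, edit it with visudo and either drop NOPASSWD or limit the rule to the specific commands the account needs.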

user.txt

root.txt

Congratulations. I hope this is helpful. Thank you.

Sanaullah Aman Korai