When exploring the world of Industrial Control Systems security, one quickly realizes that the tooling landscape is quite different from what we are used to in traditional IT penetration testing. Protocols like Modbus TCP are still heavily used in many…
Description Plattform: TryHackMeLink: : Hard 🔴 Enumeration The initial phase of this engagement involved, as always, a network scan using Nmap. The scan revealed multiple open ports and services on the target: The SSH service was running OpenSSH 8.9p1 on…
Enumeration NMAP Printer-Page The password field cannot be manipulated to reveal the password. However, the authentication target address can be customized. Set it to your own IP address and listen with netcat on the corresponding port. Exploitation With valid credentials,…
Plattform: Hack the BoxLink: : Easy 🟠 Enumeration NMAP FTP This contains details regarding a planned system migration to Debian. The only file of significance is the backup file. The passwd file contains a potential username. Search for possibile passwords… Possibile…
Plattform: Hack the BoxLink: : Easy 🟠 Enumeration As usual start with nmap.. Port 80 is open, the website which is hosted is just a static page nothing special to find there. So lets see whats running under the hood. PHP…
Description Plattform: Hack the BoxLink: : Easy 🟠 Enumeration NMAP Website There different topics in the side-menu. I tried some command injection but this didnt worked there. So move on to this „data-scan or security-scan“ which looked most interesting for me.…
Description Plattform: Hack the BoxLink: : easy 🟢 Introduction After gaining access to the enemy infrastructure, we have collected critical network traffic data from their Modbus network. Our primary objective is to quickly identify the specific registers containing highly sensitive information…
Fieldbus Before Modbus was invented the issue of connection-oriented control was addressed, where each contact had to be individually wired, requiring two wires per contact. As the amount of information to be transmitted increased, the complexity of the wiring also…
Description Plattform: Hack the BoxLink: : Medium 🟠 Enumeration NMAP We’ll find just two ports open: The ports indicate an application called Achat. A quick Google search reveals that Achat is a Windows-based chat application that supports direct messaging and…
Description Plattform: TryHackMeLink: : Hard 🟠 Enumeration NMAP Exploit CVE-2017-8917 The running Joomla CMS seems to be vulnerabile against the CVE-2017-8917 which is an SQLi vulnerability. On Github an working exploit can be found: Equipped with the exploit, one…