Enumeration NMAP Printer-Page The password field cannot be manipulated to reveal the password. However, the authentication target address can be customized. Set it to your own IP address and listen with netcat on the corresponding port. Exploitation With valid credentials,…
Plattform: Hack the BoxLink: : Easy 🟠 Enumeration NMAP FTP This contains details regarding a planned system migration to Debian. The only file of significance is the backup file. The passwd file contains a potential username. Search for possibile passwords… Possibile…
Plattform: Hack the BoxLink: : Easy 🟠 Enumeration As usual start with nmap.. Port 80 is open, the website which is hosted is just a static page nothing special to find there. So lets see whats running under the hood. PHP…
Description Plattform: TryHackMeLink: : Hard 🟠 Enumeration NMAP Exploit CVE-2017-8917 The running Joomla CMS seems to be vulnerabile against the CVE-2017-8917 which is an SQLi vulnerability. On Github an working exploit can be found: Equipped with the exploit, one…
Description Plattform: TryHackMeLink: : Medium 🟠 Codeanalysis This router is based on the POST request type and uses a function called isYaml() to check whether the file parameter (here file_path) is a YAML file or not. If the return value…
Important Note Enumeration NMAP Share Enumeration User Enumeration Foothold To establish a foothold, use the credentials and spawn a shell on the system using Evil-WinRM. This provides a list of existing users on the system, but the relationship between them…
Enumeration NMAP SMB Anonymous login to the share /HR is possible. To view the file, its better to download it. The file contains a password for a user, but the user is not known. Searched for usernames in the infrastructure,…
Enumeration NMAP Directory Listing I think that was a bug, because when I started the mashine again the next day, this directory was gone. CIF Analyzer Checking whether simple credentials like admin or admin:password work, but that is not the…
Enumeraton NMAP Website Nothing particularly interesting, except further down, where you are redirected to a subdomain via the button for SQLPAD. The tool appears to allow the execution of SQL queries. The version can be viewed by clicking the three…
This is my first mashine from Offsec regarding for PNPT and OSCP preparation. Recently I try to produce more content and get again more in preparation for the exams. First of all we start with our basic NMAP-Scan: We see…