mirror of
https://github.com/AbdullahRizwan101/CTF-Writeups
synced 2024-11-21 19:43:03 +00:00
Add files via upload
This commit is contained in:
parent
489064163c
commit
91ed6bcbcf
1 changed files with 135 additions and 0 deletions
135
TryHackMe/Hackers.md
Normal file
135
TryHackMe/Hackers.md
Normal file
|
@ -0,0 +1,135 @@
|
|||
# TryHackMe-Hackers
|
||||
|
||||
## NMAP
|
||||
|
||||
```
|
||||
PORT STATE SERVICE VERSION
|
||||
21/tcp open ftp vsftpd 2.0.8 or later
|
||||
| ftp-anon: Anonymous FTP login allowed (FTP code 230)
|
||||
|_-rw-r--r-- 1 ftp ftp 400 Apr 29 2020 note
|
||||
| ftp-syst:
|
||||
| STAT:
|
||||
| FTP server status:
|
||||
| Connected to ::ffff:10.14.3.143
|
||||
| Logged in as ftp
|
||||
| TYPE: ASCII
|
||||
| No session bandwidth limit
|
||||
| Session timeout in seconds is 300
|
||||
| Control connection is plain text
|
||||
| Data connections will be plain text
|
||||
| At session startup, client count was 3
|
||||
| vsFTPd 3.0.3 - secure, fast, stable
|
||||
|_End of status
|
||||
22/tcp open ssh OpenSSH 7.6p1 Ubuntu 4ubuntu0.3 (Ubuntu Linux; protocol 2.0)
|
||||
| ssh-hostkey:
|
||||
| 256 3b:ff:4a:88:4f:dc:03:31:b6:9b:dd:ea:69:85:b0:af (ECDSA)
|
||||
|_ 256 fa:fd:4c:0a:03:b6:f7:1c:ee:f8:33:43:dc:b4:75:41 (ED25519)
|
||||
80/tcp open http Golang net/http server (Go-IPFS json-rpc or InfluxDB API)
|
||||
|_http-title: Ellingson Mineral Company
|
||||
9999/tcp open abyss?
|
||||
| fingerprint-strings:
|
||||
| FourOhFourRequest:
|
||||
| HTTP/1.0 200 OK
|
||||
| Date: Thu, 12 Nov 2020 19:43:39 GMT
|
||||
| Content-Length: 1
|
||||
| Content-Type: text/plain; charset=utf-8
|
||||
| GenericLines, Help, Kerberos, LDAPSearchReq, LPDString, RTSPRequest, SIPOptions, SSLSessionReq, TLSSessionReq, TerminalServerCookie:
|
||||
| HTTP/1.1 400 Bad Request
|
||||
| Content-Type: text/plain; charset=utf-8
|
||||
Connection: close
|
||||
| Request
|
||||
| GetRequest, HTTPOptions:
|
||||
| HTTP/1.0 200 OK
|
||||
| Date: Thu, 12 Nov 2020 19:43:38 GMT
|
||||
| Content-Length: 1
|
||||
|_ Content-Type: text/plain; charset=utf-8
|
||||
1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at https://nmap.org/cgi-bin/
|
||||
submit.cgi?new-service :
|
||||
```
|
||||
|
||||
## PORT 21 (FTP)
|
||||
|
||||
```
|
||||
ftp> ls -al
|
||||
200 PORT command successful. Consider using PASV.
|
||||
150 Here comes the directory listing.
|
||||
drwxr-xr-x 2 ftp ftp 4096 Apr 30 2020 .
|
||||
drwxr-xr-x 2 ftp ftp 4096 Apr 30 2020 ..
|
||||
-rw-r--r-- 1 ftp ftp 38 Apr 30 2020 .flag
|
||||
-rw-r--r-- 1 ftp ftp 400 Apr 29 2020 note
|
||||
226 Directory send OK.
|
||||
ftp> get .flag
|
||||
local: .flag remote: .flag
|
||||
200 PORT command successful. Consider using PASV.
|
||||
150 Opening BINARY mode data connection for .flag (38 bytes).
|
||||
226 Transfer complete.
|
||||
38 bytes received in 0.00 secs (108.8251 kB/s)
|
||||
ftp> get note
|
||||
local: note remote: note
|
||||
200 PORT command successful. Consider using PASV.
|
||||
150 Opening BINARY mode data connection for note (400 bytes).
|
||||
226 Transfer complete.
|
||||
400 bytes received in 0.00 secs (303.9883 kB/s)
|
||||
ftp>
|
||||
|
||||
```
|
||||
|
||||
Note
|
||||
|
||||
```
|
||||
Note:
|
||||
Any users with passwords in this list:
|
||||
love
|
||||
sex
|
||||
god
|
||||
secret
|
||||
will be subject to an immediate disciplinary hearing.
|
||||
Any users with other weak passwords will be complained at, loudly.
|
||||
These users are:
|
||||
rcampbell:Robert M. Campbell:Weak password
|
||||
gcrawford:Gerard B. Crawford:Exposing crypto keys, weak password
|
||||
Exposing the company's cryptographic keys is a disciplinary offense.
|
||||
Eugene Belford, CSO
|
||||
```
|
||||
## PORT 80 (robots.txt)
|
||||
```
|
||||
Skiddies keep out.
|
||||
Any unauthorised access will be forwarded straight to Richard McGill FBI and you WILL be arrested.
|
||||
- plague
|
||||
|
||||
```
|
||||
## Gobuster
|
||||
|
||||
```
|
||||
root@kali:~/TryHackMe/KoTH/Hackers# gobuster dir -u http://10.10.105.193:80 -w /usr/share/wordlists/dirb/common.txt
|
||||
|
||||
===============================================================
|
||||
Gobuster v3.0.1
|
||||
by OJ Reeves (@TheColonial) & Christian Mehlmauer (@_FireFart_)
|
||||
===============================================================
|
||||
[+] Url: http://10.10.105.193:80
|
||||
[+] Threads: 10
|
||||
[+] Wordlist: /usr/share/wordlists/dirb/common.txt
|
||||
[+] Status codes: 200,204,301,302,307,401,403
|
||||
[+] User Agent: gobuster/3.0.1
|
||||
[+] Timeout: 10s
|
||||
===============================================================
|
||||
2020/11/13 00:59:16 Starting gobuster
|
||||
===============================================================
|
||||
/backdoor (Status: 301)
|
||||
/contact (Status: 301)
|
||||
/img (Status: 301)
|
||||
/index.html (Status: 301)
|
||||
/news (Status: 301)
|
||||
/robots.txt (Status: 200)
|
||||
/staff (Status: 301)
|
||||
```
|
||||
|
||||
<img src="https://imgur.com/DYOGfJ1.png"/>
|
||||
|
||||
|
||||
|
||||
## Flags
|
||||
|
||||
* On webpage css `thm{b63670f7192689782a45d8044c63197f}`
|
||||
* On ftp `.flag ` `thm{b63670f7192689782a45d8044c63197f}`
|
Loading…
Reference in a new issue