diff --git a/TryHackMe/Hackers.md b/TryHackMe/Hackers.md new file mode 100644 index 0000000..528ef7e --- /dev/null +++ b/TryHackMe/Hackers.md @@ -0,0 +1,135 @@ +# TryHackMe-Hackers + +## NMAP + +``` +PORT STATE SERVICE VERSION +21/tcp open ftp vsftpd 2.0.8 or later +| ftp-anon: Anonymous FTP login allowed (FTP code 230) +|_-rw-r--r-- 1 ftp ftp 400 Apr 29 2020 note +| ftp-syst: +| STAT: +| FTP server status: +| Connected to ::ffff:10.14.3.143 +| Logged in as ftp +| TYPE: ASCII +| No session bandwidth limit +| Session timeout in seconds is 300 +| Control connection is plain text +| Data connections will be plain text +| At session startup, client count was 3 +| vsFTPd 3.0.3 - secure, fast, stable +|_End of status +22/tcp open ssh OpenSSH 7.6p1 Ubuntu 4ubuntu0.3 (Ubuntu Linux; protocol 2.0) +| ssh-hostkey: +| 256 3b:ff:4a:88:4f:dc:03:31:b6:9b:dd:ea:69:85:b0:af (ECDSA) +|_ 256 fa:fd:4c:0a:03:b6:f7:1c:ee:f8:33:43:dc:b4:75:41 (ED25519) +80/tcp open http Golang net/http server (Go-IPFS json-rpc or InfluxDB API) +|_http-title: Ellingson Mineral Company +9999/tcp open abyss? +| fingerprint-strings: +| FourOhFourRequest: +| HTTP/1.0 200 OK +| Date: Thu, 12 Nov 2020 19:43:39 GMT +| Content-Length: 1 +| Content-Type: text/plain; charset=utf-8 +| GenericLines, Help, Kerberos, LDAPSearchReq, LPDString, RTSPRequest, SIPOptions, SSLSessionReq, TLSSessionReq, TerminalServerCookie: +| HTTP/1.1 400 Bad Request +| Content-Type: text/plain; charset=utf-8 + Connection: close +| Request +| GetRequest, HTTPOptions: +| HTTP/1.0 200 OK +| Date: Thu, 12 Nov 2020 19:43:38 GMT +| Content-Length: 1 +|_ Content-Type: text/plain; charset=utf-8 +1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at https://nmap.org/cgi-bin/ +submit.cgi?new-service : +``` + +## PORT 21 (FTP) + +``` +ftp> ls -al +200 PORT command successful. Consider using PASV. +150 Here comes the directory listing. +drwxr-xr-x 2 ftp ftp 4096 Apr 30 2020 . +drwxr-xr-x 2 ftp ftp 4096 Apr 30 2020 .. +-rw-r--r-- 1 ftp ftp 38 Apr 30 2020 .flag +-rw-r--r-- 1 ftp ftp 400 Apr 29 2020 note +226 Directory send OK. +ftp> get .flag +local: .flag remote: .flag +200 PORT command successful. Consider using PASV. +150 Opening BINARY mode data connection for .flag (38 bytes). +226 Transfer complete. +38 bytes received in 0.00 secs (108.8251 kB/s) +ftp> get note +local: note remote: note +200 PORT command successful. Consider using PASV. +150 Opening BINARY mode data connection for note (400 bytes). +226 Transfer complete. +400 bytes received in 0.00 secs (303.9883 kB/s) +ftp> + +``` + +Note + +``` +Note: +Any users with passwords in this list: +love +sex +god +secret +will be subject to an immediate disciplinary hearing. +Any users with other weak passwords will be complained at, loudly. +These users are: +rcampbell:Robert M. Campbell:Weak password +gcrawford:Gerard B. Crawford:Exposing crypto keys, weak password +Exposing the company's cryptographic keys is a disciplinary offense. +Eugene Belford, CSO +``` +## PORT 80 (robots.txt) +``` +Skiddies keep out. +Any unauthorised access will be forwarded straight to Richard McGill FBI and you WILL be arrested. +- plague + +``` +## Gobuster + +``` +root@kali:~/TryHackMe/KoTH/Hackers# gobuster dir -u http://10.10.105.193:80 -w /usr/share/wordlists/dirb/common.txt + +=============================================================== +Gobuster v3.0.1 +by OJ Reeves (@TheColonial) & Christian Mehlmauer (@_FireFart_) +=============================================================== +[+] Url: http://10.10.105.193:80 +[+] Threads: 10 +[+] Wordlist: /usr/share/wordlists/dirb/common.txt +[+] Status codes: 200,204,301,302,307,401,403 +[+] User Agent: gobuster/3.0.1 +[+] Timeout: 10s +=============================================================== +2020/11/13 00:59:16 Starting gobuster +=============================================================== +/backdoor (Status: 301) +/contact (Status: 301) +/img (Status: 301) +/index.html (Status: 301) +/news (Status: 301) +/robots.txt (Status: 200) +/staff (Status: 301) +``` + + + + + +## Flags + +* On webpage css `thm{b63670f7192689782a45d8044c63197f}` +* On ftp `.flag ` `thm{b63670f7192689782a45d8044c63197f}` \ No newline at end of file