CTF-Writeups/TryHackMe/Hackers.md
2020-12-10 00:41:41 +05:00

6.8 KiB

TryHackMe-Hackers

NMAP

PORT     STATE SERVICE VERSION                                                                                                                      
21/tcp   open  ftp     vsftpd 2.0.8 or later                                                                                                        
| ftp-anon: Anonymous FTP login allowed (FTP code 230)                                                                                              
|_-rw-r--r--    1 ftp      ftp           400 Apr 29  2020 note                                                                                      
| ftp-syst:                                                                                                                                         
|   STAT:                                                                                                                                           
| FTP server status:                                                                                                                                
|      Connected to ::ffff:10.14.3.143                                                                                                              
|      Logged in as ftp                                                                                                                             
|      TYPE: ASCII                                                                                                                                  
|      No session bandwidth limit                                                                                                                   
|      Session timeout in seconds is 300                                                                                                            
|      Control connection is plain text                                                                                                             
|      Data connections will be plain text                                                                                                          
|      At session startup, client count was 3                                                                                                       
|      vsFTPd 3.0.3 - secure, fast, stable                                
|_End of status                                                                                                                                     
22/tcp   open  ssh     OpenSSH 7.6p1 Ubuntu 4ubuntu0.3 (Ubuntu Linux; protocol 2.0)                                                                 
| ssh-hostkey:                                                                                                                                      
|   256 3b:ff:4a:88:4f:dc:03:31:b6:9b:dd:ea:69:85:b0:af (ECDSA)                                                                                     
|_  256 fa:fd:4c:0a:03:b6:f7:1c:ee:f8:33:43:dc:b4:75:41 (ED25519)                                                                                   
80/tcp   open  http    Golang net/http server (Go-IPFS json-rpc or InfluxDB API)                                                                    
|_http-title: Ellingson Mineral Company                                   
9999/tcp open  abyss?                
| fingerprint-strings:               
|   FourOhFourRequest:               
|     HTTP/1.0 200 OK                
|     Date: Thu, 12 Nov 2020 19:43:39 GMT                                 
|     Content-Length: 1              
|     Content-Type: text/plain; charset=utf-8                             
|   GenericLines, Help, Kerberos, LDAPSearchReq, LPDString, RTSPRequest, SIPOptions, SSLSessionReq, TLSSessionReq, TerminalServerCookie: 
|     HTTP/1.1 400 Bad Request                                            
|     Content-Type: text/plain; charset=utf-8        
    Connection: close              
|     Request                        
|   GetRequest, HTTPOptions:                                              
|     HTTP/1.0 200 OK                
|     Date: Thu, 12 Nov 2020 19:43:38 GMT                                 
|     Content-Length: 1              
|_    Content-Type: text/plain; charset=utf-8                             
1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at https://nmap.org/cgi-bin/
submit.cgi?new-service :             

PORT 21 (FTP)

ftp> ls -al
200 PORT command successful. Consider using PASV.
150 Here comes the directory listing.
drwxr-xr-x    2 ftp      ftp          4096 Apr 30  2020 .
drwxr-xr-x    2 ftp      ftp          4096 Apr 30  2020 ..
-rw-r--r--    1 ftp      ftp            38 Apr 30  2020 .flag
-rw-r--r--    1 ftp      ftp           400 Apr 29  2020 note
226 Directory send OK.
ftp> get .flag
local: .flag remote: .flag
200 PORT command successful. Consider using PASV.
150 Opening BINARY mode data connection for .flag (38 bytes).
226 Transfer complete.
38 bytes received in 0.00 secs (108.8251 kB/s)
ftp> get note
local: note remote: note
200 PORT command successful. Consider using PASV.
150 Opening BINARY mode data connection for note (400 bytes).
226 Transfer complete.
400 bytes received in 0.00 secs (303.9883 kB/s)
ftp> 

Note

Note:
Any users with passwords in this list:
love
sex
god
secret
will be subject to an immediate disciplinary hearing.
Any users with other weak passwords will be complained at, loudly.
These users are:
rcampbell:Robert M. Campbell:Weak password
gcrawford:Gerard B. Crawford:Exposing crypto keys, weak password
Exposing the company's cryptographic keys is a disciplinary offense.
Eugene Belford, CSO

PORT 80 (robots.txt)

Skiddies keep out.
Any unauthorised access will be forwarded straight to Richard McGill FBI and you WILL be arrested.
- plague

Gobuster

root@kali:~/TryHackMe/KoTH/Hackers# gobuster dir -u http://10.10.105.193:80 -w /usr/share/wordlists/dirb/common.txt
                              
===============================================================
Gobuster v3.0.1
by OJ Reeves (@TheColonial) & Christian Mehlmauer (@_FireFart_)
===============================================================
[+] Url:            http://10.10.105.193:80
[+] Threads:        10
[+] Wordlist:       /usr/share/wordlists/dirb/common.txt
[+] Status codes:   200,204,301,302,307,401,403
[+] User Agent:     gobuster/3.0.1
[+] Timeout:        10s
===============================================================
2020/11/13 00:59:16 Starting gobuster
===============================================================
/backdoor (Status: 301)
/contact (Status: 301)
/img (Status: 301)
/index.html (Status: 301)
/news (Status: 301)
/robots.txt (Status: 200)
/staff (Status: 301)

Flags

  • On webpage css thm{b63670f7192689782a45d8044c63197f}
  • On ftp .flag thm{b63670f7192689782a45d8044c63197f}