Elbrown

Nmap Enumeration 옵션 --sC, --min-rate=1000 - 대상서버에 DNS 서비스가 실행되고 있다면 dns에 대해 Enumeration을 시도해야한다. - SSL인증서에 호스트 주소로 추정되는 값을 사용한다. commonName=friendzone.red This server open DNS server and also can find vhost name in commnName 53/tcp open domain ISC BIND 9.11.3-1ubuntu1.2 (Ubuntu Linux) | dns-nsid: |_ bind.version: 9.11.3-1ubuntu1.2-Ubuntu 139/tcp open netbios-ssn Samba smbd 3.X - 4.X (workgroup: ..

SMB SMB - Server Message Block Protocol - is a client-server communication protocol used for sharing access to files, printers, serial ports and other resources on a network. smbclient //10.10.10.2/secret -U suit -p 445 Telnet Telnet is an application protocol which allows you, with the use of a telnet client, to connect to and execute commands on a remote machine that's hosting a telnet server ..

Skynet A vulnerable Terminator themed Linux machine. Scan ports using nmap Use GoBuster to enumerate directories Experiment with SMBMap to find Samba shares Using enumerated credentials to read emails Exploit CMS RFI vulnerability Exploit tar wildcards for privilege escalation Flow정리 1. Enumeration (samba) - nmap,smbmap,enum4linux 사용 2. 정보 획득 및 다운로드 - smbclient, rpcclient, smbget 사용 3. 히든 디렉토리 -..

Kenobi Walkthrough on exploiting a Linux machine. Enumerate Samba for shares, manipulate a vulnerable version of proftpd and escalate your privileges with path variable manipulation. NMAP -> RPC, NFS, FTP, SMB, SSH 1. smbclient, smbget 2. Nmap nfs 스크립트 검색 (rpcbind) 3. NC로 FTP 배너그래빙 -> searchsploit -> Proftp copy exploit-> 1에서 얻은 로그파일 정보로 위치 파악, ssh개인키를 마운트된 폴더에 복사 -> 내 PC로 mount하여 개인키 다운로드 -> SS..