PETIR CYBER SECURITY – Page 2 – Tim kompetisi Capture The Flag (CTF) Universitas Bina Nusantara, yang merupakan tempat untuk belajar lebih dalam tentang Cyber Security secara intensif dan kompetitif.

February 26, 2020May 14, 2020

[HackTheBox] – Obscurity

Posted in Pentest by Bryan Lee Leave a Comment

HackTheBox Obscurity Mari kita lakukan recon pertama-tama, dengan menggunakan nmap

Starting Nmap 7.80 ( https://nmap.org ) at 2019-12-06 00:54 EST
Nmap scan report for 10.10.10.168
Host is up (0.31s latency).
Not shown: 996 filtered ports
PORT     STATE  SERVICE    VERSION
22/tcp   open   ssh        OpenSSH 7.6p1 Ubuntu 4ubuntu0.3 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey: 
|   2048 33:d3:9a:0d:97:2c:54:20:e1:b0:17:34:f4:ca:70:1b (RSA)
|   256 f6:8b:d5:73:97:be:52:cb:12:ea:8b:02:7c:34:a3:d7 (ECDSA)
|_  256 e8:df:55:78:76:85:4b:7b:dc:70:6a:fc:40:cc:ac:9b (ED25519)
80/tcp   closed http
8080/tcp open   http-proxy BadHTTPServer
| fingerprint-strings: 
|   GetRequest: 
|     HTTP/1.1 200 OK
|     Date: Fri, 06 Dec 2019 05:55:37
|     Server: BadHTTPServer
|     Last-Modified: Fri, 06 Dec 2019 05:55:37
|     Content-Length: 4171
|     Content-Type: text/html
|     Connection: Closed
|     <!DOCTYPE html>
|     <html lang="en">
|     <head>
|     <meta charset="utf-8">
|     <title>0bscura</title>
|     <meta http-equiv="X-UA-Compatible" content="IE=Edge">
|     <meta name="viewport" content="width=device-width, initial-scale=1">
|     <meta name="keywords" content="">
|     <meta name="description" content="">
|     <!-- 
|     Easy Profile Template
|     http://www.templatemo.com/tm-467-easy-profile
|     <!-- stylesheet css -->
|     <link rel="stylesheet" href="css/bootstrap.min.css">
|     <link rel="stylesheet" href="css/font-awesome.min.css">
|     <link rel="stylesheet" href="css/templatemo-blue.css">
|     </head>
|     <body data-spy="scroll" data-target=".navbar-collapse">
|     <!-- preloader section -->
|     <!--
|     <div class="preloader">
|     <div class="sk-spinner sk-spinner-wordpress">
|   HTTPOptions: 
|     HTTP/1.1 200 OK
|     Date: Fri, 06 Dec 2019 05:55:38
|     Server: BadHTTPServer
|     Last-Modified: Fri, 06 Dec 2019 05:55:38
|     Content-Length: 4171
|     Content-Type: text/html
|     Connection: Closed
|     <!DOCTYPE html>
|     <html lang="en">
|     <head>
|     <meta charset="utf-8">
|     <title>0bscura</title>
|     <meta http-equiv="X-UA-Compatible" content="IE=Edge">
|     <meta name="viewport" content="width=device-width, initial-scale=1">
|     <meta name="keywords" content="">
|     <meta name="description" content="">
|     <!-- 
|     Easy Profile Template
|     http://www.templatemo.com/tm-467-easy-profile
|     <!-- stylesheet css -->
|     <link rel="stylesheet" href="css/bootstrap.min.css">
|     <link rel="stylesheet" href="css/font-awesome.min.css">
|     <link rel="stylesheet" href="css/templatemo-blue.css">
|     </head>
|     <body data-spy="scroll" data-target=".navbar-collapse">
|     <!-- preloader section -->
|     <!--
|     <div class="preloader">
|_    <div class="sk-spinner sk-spinner-wordpress">
|_http-server-header: BadHTTPServer
|_http-title: 0bscura
9000/tcp closed cslistener
1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at https://nmap.org/cgi-bin/submit.cgi?new-service :
SF-Port8080-TCP:V=7.80%I=7%D=12/6%Time=5DE9ED1C%P=x86_64-pc-linux-gnu%r(Ge
SF:tRequest,10FC,"HTTP/1\.1\x20200\x20OK\nDate:\x20Fri,\x2006\x20Dec\x2020
SF:19\x2005:55:37\nServer:\x20BadHTTPServer\nLast-Modified:\x20Fri,\x2006\
SF:x20Dec\x202019\x2005:55:37\nContent-Length:\x204171\nContent-Type:\x20t
SF:ext/html\nConnection:\x20Closed\n\n<!DOCTYPE\x20html>\n<html\x20lang=\"
SF:en\">\n<head>\n\t<meta\x20charset=\"utf-8\">\n\t<title>0bscura</title>\
SF:n\t<meta\x20http-equiv=\"X-UA-Compatible\"\x20content=\"IE=Edge\">\n\t<
SF:meta\x20name=\"viewport\"\x20content=\"width=device-width,\x20initial-s
SF:cale=1\">\n\t<meta\x20name=\"keywords\"\x20content=\"\">\n\t<meta\x20na
SF:me=\"description\"\x20content=\"\">\n<!--\x20\nEasy\x20Profile\x20Templ
SF:ate\nhttp://www\.templatemo\.com/tm-467-easy-profile\n-->\n\t<!--\x20st
SF:ylesheet\x20css\x20-->\n\t<link\x20rel=\"stylesheet\"\x20href=\"css/boo
SF:tstrap\.min\.css\">\n\t<link\x20rel=\"stylesheet\"\x20href=\"css/font-a
SF:wesome\.min\.css\">\n\t<link\x20rel=\"stylesheet\"\x20href=\"css/templa
SF:temo-blue\.css\">\n</head>\n<body\x20data-spy=\"scroll\"\x20data-target
SF:=\"\.navbar-collapse\">\n\n<!--\x20preloader\x20section\x20-->\n<!--\n<
SF:div\x20class=\"preloader\">\n\t<div\x20class=\"sk-spinner\x20sk-spinner
SF:-wordpress\">\n")%r(HTTPOptions,10FC,"HTTP/1\.1\x20200\x20OK\nDate:\x20
SF:Fri,\x2006\x20Dec\x202019\x2005:55:38\nServer:\x20BadHTTPServer\nLast-M
SF:odified:\x20Fri,\x2006\x20Dec\x202019\x2005:55:38\nContent-Length:\x204
SF:171\nContent-Type:\x20text/html\nConnection:\x20Closed\n\n<!DOCTYPE\x20
SF:html>\n<html\x20lang=\"en\">\n<head>\n\t<meta\x20charset=\"utf-8\">\n\t
SF:<title>0bscura</title>\n\t<meta\x20http-equiv=\"X-UA-Compatible\"\x20co
SF:ntent=\"IE=Edge\">\n\t<meta\x20name=\"viewport\"\x20content=\"width=dev
SF:ice-width,\x20initial-scale=1\">\n\t<meta\x20name=\"keywords\"\x20conte
SF:nt=\"\">\n\t<meta\x20name=\"description\"\x20content=\"\">\n<!--\x20\nE
SF:asy\x20Profile\x20Template\nhttp://www\.templatemo\.com/tm-467-easy-pro
SF:file\n-->\n\t<!--\x20stylesheet\x20css\x20-->\n\t<link\x20rel=\"stylesh
SF:eet\"\x20href=\"css/bootstrap\.min\.css\">\n\t<link\x20rel=\"stylesheet
SF:\"\x20href=\"css/font-awesome\.min\.css\">\n\t<link\x20rel=\"stylesheet
SF:\"\x20href=\"css/templatemo-blue\.css\">\n</head>\n<body\x20data-spy=\"
SF:scroll\"\x20data-target=\"\.navbar-collapse\">\n\n<!--\x20preloader\x20
SF:section\x20-->\n<!--\n<div\x20class=\"preloader\">\n\t<div\x20class=\"s
SF:k-spinner\x20sk-spinner-wordpress\">\n");
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel

Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 55.18 seconds

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

Starting Nmap 7.80 ( https://nmap.org ) at 2019-12-06 00:54 EST

Nmap scan report for 10.10.10.168

Host is up (0.31s latency).

Not shown: 996 filtered ports

PORT STATE SERVICE VERSION

22/tcp open ssh OpenSSH 7.6p1 Ubuntu 4ubuntu0.3 (Ubuntu Linux; protocol 2.0)

| ssh-hostkey:

| 2048 33:d3:9a:0d:97:2c:54:20:e1:b0:17:34:f4:ca:70:1b (RSA)

| 256 f6:8b:d5:73:97:be:52:cb:12:ea:8b:02:7c:34:a3:d7 (ECDSA)

|_ 256 e8:df:55:78:76:85:4b:7b:dc:70:6a:fc:40:cc:ac:9b (ED25519)

80/tcp closed http

8080/tcp open http-proxy BadHTTPServer

| fingerprint-strings:

| GetRequest:

| HTTP/1.1 200 OK

| Date: Fri, 06 Dec 2019 05:55:37

| Server: BadHTTPServer

| Last-Modified: Fri, 06 Dec 2019 05:55:37

| Content-Length: 4171

| Content-Type: text/html

| Connection: Closed

| <!DOCTYPE html>

| <html lang="en">

| <head>

| <meta charset="utf-8">

| <title>0bscura</title>

| <meta http-equiv="X-UA-Compatible" content="IE=Edge">

| <meta name="viewport" content="width=device-width, initial-scale=1">

| <meta name="keywords" content="">

| <meta name="description" content="">

| <!--

| Easy Profile Template

| http://www.templatemo.com/tm-467-easy-profile

|

| <link rel="stylesheet" href="css/bootstrap.min.css">

| <link rel="stylesheet" href="css/font-awesome.min.css">

| <link rel="stylesheet" href="css/templatemo-blue.css">

| </head>

| <body data-spy="scroll" data-target=".navbar-collapse">

|

| <!--

| <div class="preloader">

| <div class="sk-spinner sk-spinner-wordpress">

| HTTPOptions:

| HTTP/1.1 200 OK

| Date: Fri, 06 Dec 2019 05:55:38

| Server: BadHTTPServer

| Last-Modified: Fri, 06 Dec 2019 05:55:38

| Content-Length: 4171

| Content-Type: text/html

| Connection: Closed

| <!DOCTYPE html>

| <html lang="en">

| <head>

| <meta charset="utf-8">

| <title>0bscura</title>

| <meta http-equiv="X-UA-Compatible" content="IE=Edge">

| <meta name="viewport" content="width=device-width, initial-scale=1">

| <meta name="keywords" content="">

| <meta name="description" content="">

| <!--

| Easy Profile Template

| http://www.templatemo.com/tm-467-easy-profile

|

| <link rel="stylesheet" href="css/bootstrap.min.css">

| <link rel="stylesheet" href="css/font-awesome.min.css">

| <link rel="stylesheet" href="css/templatemo-blue.css">

| </head>

| <body data-spy="scroll" data-target=".navbar-collapse">

|

| <!--

| <div class="preloader">

|_ <div class="sk-spinner sk-spinner-wordpress">

|_http-server-header: BadHTTPServer

|_http-title: 0bscura

9000/tcp closed cslistener

1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at https://nmap.org/cgi-bin/submit.cgi?new-service :

SF-Port8080-TCP:V=7.80%I=7%D=12/6%Time=5DE9ED1C%P=x86_64-pc-linux-gnu%r(Ge

SF:tRequest,10FC,"HTTP/1\.1\x20200\x20OK\nDate:\x20Fri,\x2006\x20Dec\x2020

SF:19\x2005:55:37\nServer:\x20BadHTTPServer\nLast-Modified:\x20Fri,\x2006\

SF:x20Dec\x202019\x2005:55:37\nContent-Length:\x204171\nContent-Type:\x20t

SF:ext/html\nConnection:\x20Closed\n\n<!DOCTYPE\x20html>\n<html\x20lang=\"

SF:en\">\n<head>\n\t<meta\x20charset=\"utf-8\">\n\t<title>0bscura</title>\

SF:n\t<meta\x20http-equiv=\"X-UA-Compatible\"\x20content=\"IE=Edge\">\n\t<

SF:meta\x20name=\"viewport\"\x20content=\"width=device-width,\x20initial-s

SF:cale=1\">\n\t<meta\x20name=\"keywords\"\x20content=\"\">\n\t<meta\x20na

SF:me=\"description\"\x20content=\"\">\n<!--\x20\nEasy\x20Profile\x20Templ

SF:ate\nhttp://www\.templatemo\.com/tm-467-easy-profile\n-->\n\t<!--\x20st

SF:ylesheet\x20css\x20-->\n\t<link\x20rel=\"stylesheet\"\x20href=\"css/boo

SF:tstrap\.min\.css\">\n\t<link\x20rel=\"stylesheet\"\x20href=\"css/font-a

SF:wesome\.min\.css\">\n\t<link\x20rel=\"stylesheet\"\x20href=\"css/templa

SF:temo-blue\.css\">\n</head>\n<body\x20data-spy=\"scroll\"\x20data-target

SF:=\"\.navbar-collapse\">\n\n\n<!--\n<

SF:div\x20class=\"preloader\">\n\t<div\x20class=\"sk-spinner\x20sk-spinner

SF:-wordpress\">\n")%r(HTTPOptions,10FC,"HTTP/1\.1\x20200\x20OK\nDate:\x20

SF:Fri,\x2006\x20Dec\x202019\x2005:55:38\nServer:\x20BadHTTPServer\nLast-M

SF:odified:\x20Fri,\x2006\x20Dec\x202019\x2005:55:38\nContent-Length:\x204

SF:171\nContent-Type:\x20text/html\nConnection:\x20Closed\n\n<!DOCTYPE\x20

SF:html>\n<html\x20lang=\"en\">\n<head>\n\t<meta\x20charset=\"utf-8\">\n\t

SF:<title>0bscura</title>\n\t<meta\x20http-equiv=\"X-UA-Compatible\"\x20co

SF:ntent=\"IE=Edge\">\n\t<meta\x20name=\"viewport\"\x20content=\"width=dev

SF:ice-width,\x20initial-scale=1\">\n\t<meta\x20name=\"keywords\"\x20conte

SF:nt=\"\">\n\t<meta\x20name=\"description\"\x20content=\"\">\n<!--\x20\nE

SF:asy\x20Profile\x20Template\nhttp://www\.templatemo\.com/tm-467-easy-pro

SF:file\n-->\n\t\n\t<link\x20rel=\"stylesh

SF:eet\"\x20href=\"css/bootstrap\.min\.css\">\n\t<link\x20rel=\"stylesheet

SF:\"\x20href=\"css/font-awesome\.min\.css\">\n\t<link\x20rel=\"stylesheet

SF:\"\x20href=\"css/templatemo-blue\.css\">\n</head>\n<body\x20data-spy=\"

SF:scroll\"\x20data-target=\"\.navbar-collapse\">\n\n<!--\x20preloader\x20

SF:section\x20-->\n<!--\n<div\x20class=\"preloader\">\n\t<div\x20class=\"s

SF:k-spinner\x20sk-spinner-wordpress\">\n");

Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel

Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .

Nmap done: 1 IP address (1 host up) scanned in 55.18 seconds

Mari kita coba akses service http yang ada di port 8080 Ada tampilan seperti halaman blog tentang 0bscura, jika scroll kebawah maka kita akan mendapatkan clue seperti Nampaknya pembuat box menginginkan kita menemukan script python SuperSecureServer.py yang ada di sebuah directory. Maka untuk mencarinya […]

February 26, 2020May 14, 2020

[HackTheBox] – Postman

Posted in Pentest by Bryan Lee Leave a Comment

HackTheBox Postman, dengan OS Linux menurut player HackTheBox lain yang sudah mengerjakan, box ini akan berorientasi pada exploitasi CVE. Mari kita lakukan enumerasi pertama dengan melakukan nmap

Starting Nmap 7.80 ( https://nmap.org ) at 2020-02-13 01:27 EST
Nmap scan report for 10.10.10.160
Host is up (0.33s latency).
Not shown: 997 closed ports
PORT      STATE SERVICE VERSION
22/tcp    open  ssh     OpenSSH 7.6p1 Ubuntu 4ubuntu0.3 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey: 
|   2048 46:83:4f:f1:38:61:c0:1c:74:cb:b5:d1:4a:68:4d:77 (RSA)
|   256 2d:8d:27:d2:df:15:1a:31:53:05:fb:ff:f0:62:26:89 (ECDSA)
|_  256 ca:7c:82:aa:5a:d3:72:ca:8b:8a:38:3a:80:41:a0:45 (ED25519)
80/tcp    open  http    Apache httpd 2.4.29 ((Ubuntu))
|_http-server-header: Apache/2.4.29 (Ubuntu)
|_http-title: The Cyber Geek's Personal Website
6379/tcp open  redis   Redis key-value store 4.0.9
10000/tcp open  http    MiniServ 1.910 (Webmin httpd)
| http-robots.txt: 1 disallowed entry 
|_/
|_http-server-header: MiniServ/1.910
|_http-title: Site doesn't have a title (text/html; Charset=iso-8859-1).
No exact OS matches for host (If you know what OS is running on it, see https://nmap.org/submit/ ).
TCP/IP fingerprint:
OS:SCAN(V=7.80%E=4%D=2/13%OT=22%CT=1%CU=36676%PV=Y%DS=2%DC=T%G=Y%TM=5E44EC9
OS:1%P=x86_64-pc-linux-gnu)SEQ(SP=107%GCD=1%ISR=10C%TI=Z%TS=A)SEQ(SP=107%GC
OS:D=1%ISR=10D%TI=Z%CI=Z%TS=9)SEQ(SP=107%GCD=1%ISR=10C%TI=Z%CI=Z%II=I%TS=D)
OS:OPS(O1=M54DST11NW7%O2=M54DST11NW7%O3=M54DNNT11NW7%O4=M54DST11NW7%O5=M54D
OS:ST11NW7%O6=M54DST11)WIN(W1=7120%W2=7120%W3=7120%W4=7120%W5=7120%W6=7120)
OS:ECN(R=N)ECN(R=Y%DF=Y%T=40%W=7210%O=M54DNNSNW7%CC=Y%Q=)T1(R=Y%DF=Y%TG=40%
OS:S=O%A=S+%F=AS%RD=0%Q=)T1(R=Y%DF=Y%T=40%S=O%A=S+%F=AS%RD=0%Q=)T2(R=N)T3(R
OS:=N)T4(R=N)T4(R=Y%DF=Y%T=40%W=0%S=O%A=Z%F=R%O=%RD=0%Q=)T5(R=N)T5(R=Y%DF=Y
OS:%T=40%W=0%S=Z%A=O%F=AR%O=%RD=0%Q=)T6(R=N)T6(R=Y%DF=Y%T=40%W=0%S=O%A=Z%F=
OS:R%O=%RD=0%Q=)T7(R=N)T7(R=Y%DF=Y%T=40%W=0%S=Z%A=O%F=AR%O=%RD=0%Q=)U1(R=N)
OS:U1(R=Y%DF=N%T=40%IPL=164%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUD=G)IE(R=N)I
OS:E(R=Y%DFI=N%T=40%CD=S)

Network Distance: 2 hops
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel

TRACEROUTE (using port 110/tcp)
HOP RTT       ADDRESS
1   342.08 ms 10.10.14.1
2   333.33 ms 10.10.10.160

OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 84.91 seconds

Starting Nmap 7.80 ( https://nmap.org ) at 2020-02-13 01:27 EST

Nmap scan report for 10.10.10.160

Host is up (0.33s latency).

Not shown: 997 closed ports

PORT STATE SERVICE VERSION

22/tcp open ssh OpenSSH 7.6p1 Ubuntu 4ubuntu0.3 (Ubuntu Linux; protocol 2.0)

| ssh-hostkey:

| 2048 46:83:4f:f1:38:61:c0:1c:74:cb:b5:d1:4a:68:4d:77 (RSA)

| 256 2d:8d:27:d2:df:15:1a:31:53:05:fb:ff:f0:62:26:89 (ECDSA)

|_ 256 ca:7c:82:aa:5a:d3:72:ca:8b:8a:38:3a:80:41:a0:45 (ED25519)

80/tcp open http Apache httpd 2.4.29 ((Ubuntu))

|_http-server-header: Apache/2.4.29 (Ubuntu)

|_http-title: The Cyber Geek's Personal Website

6379/tcp open redis Redis key-value store 4.0.9

10000/tcp open http MiniServ 1.910 (Webmin httpd)

| http-robots.txt: 1 disallowed entry

|_/

|_http-server-header: MiniServ/1.910

|_http-title: Site doesn't have a title (text/html; Charset=iso-8859-1).

No exact OS matches for host (If you know what OS is running on it, see https://nmap.org/submit/ ).

TCP/IP fingerprint:

OS:SCAN(V=7.80%E=4%D=2/13%OT=22%CT=1%CU=36676%PV=Y%DS=2%DC=T%G=Y%TM=5E44EC9

OS:1%P=x86_64-pc-linux-gnu)SEQ(SP=107%GCD=1%ISR=10C%TI=Z%TS=A)SEQ(SP=107%GC

OS:D=1%ISR=10D%TI=Z%CI=Z%TS=9)SEQ(SP=107%GCD=1%ISR=10C%TI=Z%CI=Z%II=I%TS=D)

OS:OPS(O1=M54DST11NW7%O2=M54DST11NW7%O3=M54DNNT11NW7%O4=M54DST11NW7%O5=M54D

OS:ST11NW7%O6=M54DST11)WIN(W1=7120%W2=7120%W3=7120%W4=7120%W5=7120%W6=7120)

OS:ECN(R=N)ECN(R=Y%DF=Y%T=40%W=7210%O=M54DNNSNW7%CC=Y%Q=)T1(R=Y%DF=Y%TG=40%

OS:S=O%A=S+%F=AS%RD=0%Q=)T1(R=Y%DF=Y%T=40%S=O%A=S+%F=AS%RD=0%Q=)T2(R=N)T3(R

OS:=N)T4(R=N)T4(R=Y%DF=Y%T=40%W=0%S=O%A=Z%F=R%O=%RD=0%Q=)T5(R=N)T5(R=Y%DF=Y

OS:%T=40%W=0%S=Z%A=O%F=AR%O=%RD=0%Q=)T6(R=N)T6(R=Y%DF=Y%T=40%W=0%S=O%A=Z%F=

OS:R%O=%RD=0%Q=)T7(R=N)T7(R=Y%DF=Y%T=40%W=0%S=Z%A=O%F=AR%O=%RD=0%Q=)U1(R=N)

OS:U1(R=Y%DF=N%T=40%IPL=164%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUD=G)IE(R=N)I

OS:E(R=Y%DFI=N%T=40%CD=S)

Network Distance: 2 hops

Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel

TRACEROUTE (using port 110/tcp)

HOP RTT ADDRESS

1 342.08 ms 10.10.14.1

2 333.33 ms 10.10.10.160

OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .

Nmap done: 1 IP address (1 host up) scanned in 84.91 seconds

Pertama, penulis membuka service yang running di port 10000 yaitu webmin. Perlu diketahui bahwa jika kita mengaksesnya dengan menggunakan http://10.10.10.160:10000 akan di forward ke page lain, tetapi […]

February 26, 2020May 14, 2020

[HackTheBox] – Mango

Posted in Pentest by Bryan Lee Leave a Comment

Sebuah box dengan OS Linux dengan IP 10.10.10.162 Menurut review dari peserta lain, box ini akan terfokus ke enumerasi, real-life dan CVE. Mari kita mulai dengan nmap dan dirbuster Terdapat port 22, 80, dan 443 dari nmap scan dan file menraik analytics.php index.php analytics.php Keduanya merupakan rabbit hole, kita ganti ke https dan cek certificate. […]

February 5, 2020May 14, 2020

[HackTheBox] – Registry

Posted in Pentest by Bryan Lee Leave a Comment

Didapatkan sebuah box bernama Registry dengan IP 10.10.10.159 Menurut peserta lain, box ini akan berisi banyak enumerasi, real-life dan costum exploitation. Mari kita mulai dengan nmap dan dirbuster Terdapat port 22, 80, dan 443 serta ditemukan directory install dan index.html Pada directory /install/index.php ditemukan tulisan tulisan aneh, nampaknya kita diberikan sebuah file. Setelah di ambil, […]

February 5, 2020May 14, 2020

[HackTheBox] – openadmin

Posted in Pentest by Bryan Lee Leave a Comment

Sebuah machine Linux, dengan IP 10.10.10.171, dilihat dari review peserta lain maka challenge ini akan banyak menggunakan CVE, Enumerasi dan mirip dengan CTF. Pertama mari kita lakukan nmap scan terlebih dahulu, didapatkan result seperti ini

Starting Nmap 7.80 ( https://nmap.org ) at 2020-01-05 00:23 EST
Nmap scan report for 10.10.10.171
Host is up (0.33s latency).
Not shown: 998 closed ports
PORT   STATE SERVICE    VERSION
22/tcp open  tcpwrapped
|_ssh-hostkey: ERROR: Script execution failed (use -d to debug)
80/tcp open  http       Apache httpd 2.4.29 ((Ubuntu))
|_http-server-header: Apache/2.4.29 (Ubuntu)
|_http-title: Apache2 Ubuntu Default Page: It works
No exact OS matches for host (If you know what OS is running on it, see https://nmap.org/submit/ ).
TCP/IP fingerprint:
OS:SCAN(V=7.80%E=4%D=1/5%OT=80%CT=1%CU=44689%PV=Y%DS=2%DC=T%G=Y%TM=5E11734E
OS:%P=x86_64-pc-linux-gnu)SEQ(SP=107%GCD=1%ISR=10B%TI=Z%CI=Z%II=I%TS=B)SEQ(
OS:SP=106%GCD=1%ISR=10B%TI=Z%CI=Z%TS=B)OPS(O1=M54DST11NW7%O2=M54DST11NW7%O3
OS:=M54DNNT11NW7%O4=M54DST11NW7%O5=M54DST11NW7%O6=M54DST11)WIN(W1=7120%W2=7
OS:120%W3=7120%W4=7120%W5=7120%W6=7120)ECN(R=Y%DF=Y%T=40%W=7210%O=M54DNNSNW
OS:7%CC=Y%Q=)T1(R=Y%DF=Y%T=40%S=O%A=S+%F=AS%RD=0%Q=)T2(R=N)T3(R=N)T4(R=Y%DF
OS:=Y%T=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)T5(R=Y%DF=Y%T=40%W=0%S=Z%A=S+%F=AR%O=
OS:%RD=0%Q=)T6(R=Y%DF=Y%T=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)T7(R=Y%DF=Y%T=40%W=
OS:0%S=Z%A=S+%F=AR%O=%RD=0%Q=)U1(R=Y%DF=N%T=40%IPL=164%UN=0%RIPL=G%RID=G%RI
OS:PCK=G%RUCK=G%RUD=G)IE(R=Y%DFI=N%T=40%CD=S)

Network Distance: 2 hops

TRACEROUTE (using port 995/tcp)
HOP RTT       ADDRESS
1   281.12 ms 10.10.14.1
2   348.60 ms 10.10.10.171

OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 99.01 seconds

Starting Nmap 7.80 ( https://nmap.org ) at 2020-01-05 00:23 EST

Nmap scan report for 10.10.10.171

Host is up (0.33s latency).

Not shown: 998 closed ports

PORT STATE SERVICE VERSION

22/tcp open tcpwrapped

|_ssh-hostkey: ERROR: Script execution failed (use -d to debug)

80/tcp open http Apache httpd 2.4.29 ((Ubuntu))

|_http-server-header: Apache/2.4.29 (Ubuntu)

|_http-title: Apache2 Ubuntu Default Page: It works

No exact OS matches for host (If you know what OS is running on it, see https://nmap.org/submit/ ).

TCP/IP fingerprint:

OS:SCAN(V=7.80%E=4%D=1/5%OT=80%CT=1%CU=44689%PV=Y%DS=2%DC=T%G=Y%TM=5E11734E

OS:%P=x86_64-pc-linux-gnu)SEQ(SP=107%GCD=1%ISR=10B%TI=Z%CI=Z%II=I%TS=B)SEQ(

OS:SP=106%GCD=1%ISR=10B%TI=Z%CI=Z%TS=B)OPS(O1=M54DST11NW7%O2=M54DST11NW7%O3

OS:=M54DNNT11NW7%O4=M54DST11NW7%O5=M54DST11NW7%O6=M54DST11)WIN(W1=7120%W2=7

OS:120%W3=7120%W4=7120%W5=7120%W6=7120)ECN(R=Y%DF=Y%T=40%W=7210%O=M54DNNSNW

OS:7%CC=Y%Q=)T1(R=Y%DF=Y%T=40%S=O%A=S+%F=AS%RD=0%Q=)T2(R=N)T3(R=N)T4(R=Y%DF

OS:=Y%T=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)T5(R=Y%DF=Y%T=40%W=0%S=Z%A=S+%F=AR%O=

OS:%RD=0%Q=)T6(R=Y%DF=Y%T=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)T7(R=Y%DF=Y%T=40%W=

OS:0%S=Z%A=S+%F=AR%O=%RD=0%Q=)U1(R=Y%DF=N%T=40%IPL=164%UN=0%RIPL=G%RID=G%RI

OS:PCK=G%RUCK=G%RUD=G)IE(R=Y%DFI=N%T=40%CD=S)

Network Distance: 2 hops

TRACEROUTE (using port 995/tcp)

HOP RTT ADDRESS

1 281.12 ms 10.10.14.1

2 348.60 ms 10.10.10.171

OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .

Nmap done: 1 IP address (1 host up) scanned in 99.01 seconds

Bisa ditemukan sebuah website dan sebuah SSH service yang berjalan. Mari kita dirbuster website yang berjalan. Kita bisa menemukan […]

January 21, 2020

[HackTheBox – CTF] – ezpz

Posted in Web Exploitation by EternalBeats Leave a Comment

Diberikan website yang langsung memunculkan error. Error pertama dibilang “obj” tidak ada, jadi sepertinya kita perlu memprovide dengan menggunakan variable “obj”, memasukan obj dengan method get bisa dilihat error pertama hilang. Untuk error kedua harus ada sedikit bacaan, dibilang terdapat non-object ‘ID’ sepertinya kita perlu memprovide “ID” juga tetapi berbeda dengan “obj”. Membaca sedikit tentang […]

December 18, 2019

[RingZer0] – Thinking outside the box is the key

Posted in Web Exploitation by Angeline Leave a Comment

Link soal: https://ringzer0ctf.com/challenges/39/?id=2 Dikarenakan soal tersebut merupakan soal SQLinjection, kita langsung mencoba untuk menambahkan ‘ pada akhir url tersebut https://ringzer0ctf.com/challenges/39/?id=2′ Lalu terdapat tampilan error sebagai berikut Dapat kita lihat, ternyata mereka menggunakan SQLite dan kita berhasil menemukan tempat untuk melaksanakan SQLinjection attack ini Selanjutnya, kita menentukan ada berapa column yang diperlukan agar kita bisa menggunakan […]

December 17, 2019

[noxCTF 2018] – Guess The String

Posted in Reverse Engineering by Stewart Sulivinio Leave a Comment

Challenge Description : Would you like to test your luck? Let’s see if you can guess the correct string. Diberikan File ELF-64 bit bernama GuessTheString, ketika dijalankan maka hasilnya adalah sebagai berikut : Selanjutnya, dengan menggunakan IDA, saya mencoba untuk melakukan disassemble file tersebut, dengan hasil sebagai berikut : dari hasil disassemble tersebut, terdapat function […]

December 17, 2019

[OverTheWire] – Behemoth3

Posted in Reverse Engineering by Stewart Sulivinio Leave a Comment

behemoth3 dapat diakses menggunakan : “ssh behemoth3@behemoth.labs.overthewire.org” dengan password yang didapatkan pada behemoth2 yaitu ‘nieteidiel’. disclaimer : writeup ini dibuat dengan bahan bacaan dari writeup : https://github.com/USCGA/writeups/tree/master/overthewire/behemoth/level3 pada level ini, terdapat file bernama behemoth3. Ketika file tersebut dieksekusi, maka hasilnya adalah sebagai berikut : selanjutnya saya menggunakan ltrace untuk melihat garis besar proses […]

November 11, 2019

[OverTheWire] – behemoth2-3

Posted in Reverse Engineering by Stewart Sulivinio Leave a Comment

Untuk mengerjakan behemoth2, dapat menggunakan ssh “ssh behemoth2@behemoth.labs.overthewire.org” dan memasukkan password yang telah didapatkan sebelumnya dari behemoth1. Terdapat sebuah file ELF yang bernama behemoth2, ketika dijalankan akan maka hasilnya adalah sebagai berikut : terlihat bahwa dijalankan perintah touch, di mana perintah touch merupakan command yang digunakan untuk membuat file kosong. Tetapi, pada eksekusi file […]