PETIR CYBER SECURITY – Page 2 – Tim kompetisi Capture The Flag (CTF) Universitas Bina Nusantara, yang merupakan tempat untuk belajar lebih dalam tentang Cyber Security secara intensif dan kompetitif.

May 14, 2020

[HackTheBox] – Traverxec

Posted in Pentest by Bryan Lee Leave a Comment

HackTheBox dengan OS Linux Mari kita lakukan enumerasi awal terhadap machine ini terlebih dahulu dengan nmap

Starting Nmap 7.80 ( https://nmap.org ) at 2020-02-07 00:01 EST
Nmap scan report for 10.10.10.165
Host is up (0.27s latency).
Not shown: 998 filtered ports
PORT   STATE SERVICE VERSION
22/tcp open  ssh     OpenSSH 7.9p1 Debian 10+deb10u1 (protocol 2.0)
| ssh-hostkey: 
|   2048 aa:99:a8:16:68:cd:41:cc:f9:6c:84:01:c7:59:09:5c (RSA)
|   256 93:dd:1a:23:ee:d7:1f:08:6b:58:47:09:73:a3:88:cc (ECDSA)
|_  256 9d:d6:62:1e:7a:fb:8f:56:92:e6:37:f1:10:db:9b:ce (ED25519)
80/tcp open  http    nostromo 1.9.6
|_http-server-header: nostromo 1.9.6
|_http-title: TRAVERXEC
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Aggressive OS guesses: Linux 3.10 - 4.11 (92%), Linux 3.18 (92%), Linux 3.2 - 4.9 (92%), Crestron XPanel control system (90%), Linux 3.16 (89%), ASUS RT-N56U WAP (Linux 3.4) (87%), Linux 3.1 (87%), Linux 3.2 (87%), HP P2000 G3 NAS device (87%), AXIS 210A or 211 Network Camera (Linux 2.6.17) (87%)
No exact OS matches for host (test conditions non-ideal).
Network Distance: 2 hops
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel

TRACEROUTE (using port 80/tcp)
HOP RTT       ADDRESS
1   280.93 ms 10.10.14.1
2   280.96 ms 10.10.10.165

OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 40.36 seconds

Starting Nmap 7.80 ( https://nmap.org ) at 2020-02-07 00:01 EST

Nmap scan report for 10.10.10.165

Host is up (0.27s latency).

Not shown: 998 filtered ports

PORT STATE SERVICE VERSION

22/tcp open ssh OpenSSH 7.9p1 Debian 10+deb10u1 (protocol 2.0)

| ssh-hostkey:

| 2048 aa:99:a8:16:68:cd:41:cc:f9:6c:84:01:c7:59:09:5c (RSA)

| 256 93:dd:1a:23:ee:d7:1f:08:6b:58:47:09:73:a3:88:cc (ECDSA)

|_ 256 9d:d6:62:1e:7a:fb:8f:56:92:e6:37:f1:10:db:9b:ce (ED25519)

80/tcp open http nostromo 1.9.6

|_http-server-header: nostromo 1.9.6

|_http-title: TRAVERXEC

Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port

Aggressive OS guesses: Linux 3.10 - 4.11 (92%), Linux 3.18 (92%), Linux 3.2 - 4.9 (92%), Crestron XPanel control system (90%), Linux 3.16 (89%), ASUS RT-N56U WAP (Linux 3.4) (87%), Linux 3.1 (87%), Linux 3.2 (87%), HP P2000 G3 NAS device (87%), AXIS 210A or 211 Network Camera (Linux 2.6.17) (87%)

No exact OS matches for host (test conditions non-ideal).

Network Distance: 2 hops

Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel

TRACEROUTE (using port 80/tcp)

HOP RTT ADDRESS

1 280.93 ms 10.10.14.1

2 280.96 ms 10.10.10.165

OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .

Nmap done: 1 IP address (1 host up) scanned in 40.36 seconds

Ada service http di port 80 dan ssh di port 22. Hal yang menarik untuk dilihat adalah nampaknya website menggunakan aplikasi bernama nostromo 1.9.6 Mari kita buka sebentar webnya sebelum ngegas vulnerability buat nostromo 1.9.6 nya , just […]

May 14, 2020

[HackTheBox] – Wall

Posted in Pentest by Bryan Lee Leave a Comment

Sebuah machine Hack The Box dengan ip 10.10.10.157, nampaknya akan didasarkan oleh eksploitasi CVE. Mari kita lakukan nmap terhadap ip tersebut

nmap -sC -sV 10.10.10.157

1	nmap -sC -sV 10.10.10.157

Lakukan dirbuster dengan wordlist medium Terdapat directory yang menarik bernama monitoring dengan error code 401, yang berarti memerlukan authentication. Mari kita coba buka Kita menemukan page yang di proteksi oleh basic http authentication, […]

May 14, 2020

[HackTheBox] – Sniper

Posted in Pentest by Bryan Lee Leave a Comment

Box Sniper dengan IP 10.10.10.151 dengan OS Windows *painful af OS Mari lakukan basic enumeration dengan nmap, hasil nmap menunjukkan

Starting Nmap 7.80 ( https://nmap.org ) at 2020-03-07 02:40 EST
Nmap scan report for 10.10.10.151
Host is up (0.26s latency).
Not shown: 996 filtered ports
PORT    STATE SERVICE       VERSION
80/tcp  open  http          Microsoft IIS httpd 10.0
| http-methods: 
|_  Potentially risky methods: TRACE
|_http-server-header: Microsoft-IIS/10.0
|_http-title: Sniper Co.
135/tcp open  msrpc         Microsoft Windows RPC
139/tcp open  netbios-ssn   Microsoft Windows netbios-ssn
445/tcp open  microsoft-ds?
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
OS fingerprint not ideal because: Missing a closed TCP port so results incomplete
No OS matches for host
Network Distance: 2 hops
Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows

Host script results:
|_clock-skew: 7h01m53s
| smb2-security-mode: 
|   2.02: 
|_    Message signing enabled but not required
| smb2-time: 
|   date: 2020-03-07T14:43:14
|_  start_date: N/A

TRACEROUTE (using port 80/tcp)
HOP RTT       ADDRESS
1   252.60 ms 10.10.14.1
2   254.10 ms 10.10.10.151

OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 83.37 seconds

Starting Nmap 7.80 ( https://nmap.org ) at 2020-03-07 02:40 EST

Nmap scan report for 10.10.10.151

Host is up (0.26s latency).

Not shown: 996 filtered ports

PORT STATE SERVICE VERSION

80/tcp open http Microsoft IIS httpd 10.0

| http-methods:

|_ Potentially risky methods: TRACE

|_http-server-header: Microsoft-IIS/10.0

|_http-title: Sniper Co.

135/tcp open msrpc Microsoft Windows RPC

139/tcp open netbios-ssn Microsoft Windows netbios-ssn

445/tcp open microsoft-ds?

Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port

OS fingerprint not ideal because: Missing a closed TCP port so results incomplete

No OS matches for host

Network Distance: 2 hops

Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows

Host script results:

|_clock-skew: 7h01m53s

| smb2-security-mode:

| 2.02:

|_ Message signing enabled but not required

| smb2-time:

| date: 2020-03-07T14:43:14

|_ start_date: N/A

TRACEROUTE (using port 80/tcp)

HOP RTT ADDRESS

1 252.60 ms 10.10.14.1

2 254.10 ms 10.10.10.151

OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .

Nmap done: 1 IP address (1 host up) scanned in 83.37 seconds

Terdapat web service, mari kita coba cek Terdapat user login portal Setelah mencoba beberapa payload basic dan basic credentials, tidak ditemukan apa apa yang bisa digunakan Pada page services, dan setelah berpindah ke page […]

May 14, 2020May 14, 2020

[Angstrom CTF 2020] – canary

Posted in Binary Exploitation by ArkAngels Leave a Comment

Diberikan sebuah binary dengan konfigurasi sebagai berikut: Berikut adalah list dari semua fungsi pada binary: Berikut adalah pseudocode dari fungsi yang memiliki celah:

unsigned __int64 greet()
{
  char format; // [rsp+0h] [rbp-60h]
  char v2; // [rsp+20h] [rbp-40h]
  unsigned __int64 v3; // [rsp+58h] [rbp-8h]

  v3 = __readfsqword(0x28u);
  printf("Hi! What's your name? ");
  gets(&format);
  printf("Nice to meet you, ");
  strcat(&format, "!\n");
  printf(&format);
  printf("Anything else you want to tell me? ");
  gets(&v2);
  return __readfsqword(0x28u) ^ v3;
}

unsigned __int64 greet()

{

char format; // [rsp+0h] [rbp-60h]

char v2; // [rsp+20h] [rbp-40h]

unsigned __int64 v3; // [rsp+58h] [rbp-8h]

v3 = __readfsqword(0x28u);

printf("Hi! What's your name? ");

gets(&format);

printf("Nice to meet you, ");

strcat(&format, "!\n");

printf(&format);

printf("Anything else you want to tell me? ");

gets(&v2);

return __readfsqword(0x28u) ^ v3;

}

Dilihat program menggunakan gets() yang memiliki kelemahan buffer overflow dan printf(&format) memiliki kelemahan format string attack. Tujuan dari soal ini adalah untuk memanggil fungsi flag(). Namun dari nama soal dan konfigurasi binary, terdapat stack canary […]

May 14, 2020May 14, 2020

[Joints2020] – crackme

Posted in Reverse Engineering by ArkAngels Leave a Comment

Diberikan sebuah binary 64 bit not stripped. Pseudocode dari fungsi main adalah sebagai berikut:

int __cdecl main(int argc, const char **argv, const char **envp)
{
  char v4; // [rsp+0h] [rbp-30h]
  _BYTE v5[3]; // [rsp+5h] [rbp-2Bh]
  _BYTE v6[6]; // [rsp+Ah] [rbp-26h]
  int v7; // [rsp+14h] [rbp-1Ch]
  char v8; // [rsp+19h] [rbp-17h]
  unsigned __int64 v9; // [rsp+28h] [rbp-8h]

  v9 = __readfsqword(0x28u);
  __isoc99_scanf("%5c-%5c-%5c-%5c-%5c", &v4, v5, v6, &v6[5], &v7);
  v8 = 0;
  if ( checker(&v4) )
    unlock();
  else
    printf("Invalid serial key");
  return 0;
}

int __cdecl main(int argc, const char **argv, const char **envp)

{

char v4; // [rsp+0h] [rbp-30h]

_BYTE v5[3]; // [rsp+5h] [rbp-2Bh]

_BYTE v6[6]; // [rsp+Ah] [rbp-26h]

int v7; // [rsp+14h] [rbp-1Ch]

char v8; // [rsp+19h] [rbp-17h]

unsigned __int64 v9; // [rsp+28h] [rbp-8h]

v9 = __readfsqword(0x28u);

__isoc99_scanf("%5c-%5c-%5c-%5c-%5c", &v4, v5, v6, &v6[5], &v7);

v8 = 0;

if ( checker(&v4) )

unlock();

else

printf("Invalid serial key");

return 0;

}

Dilihat program meminta input sepanjang 25 karakter dan kemudian input akan diproses oleh fungsi checker() dan bila hasil dari checker() adalah true maka fungsi unlock() akan dipanggil. Berikut pseudocode dari fungsi unlock():

int unlock()
{
  char i; // al
  FILE *stream; // [rsp+8h] [rbp-8h]

  stream = fopen("flag.txt", "r");
  for ( i = fgetc(stream); i != -1; i = fgetc(stream) )
    putchar(i);
  return fclose(stream);
}

int unlock()

{

char i; // al

FILE *stream; // [rsp+8h] [rbp-8h]

stream = fopen("flag.txt", "r");

for ( i = fgetc(stream); i != -1; i = fgetc(stream) )

putchar(i);

return fclose(stream);

}

Fungsi tersebut akan membuka file flag.txt pada server nc. Berikut pseudocode dari fungsi checker():

April 4, 2020September 17, 2020

[HackTheBox] – Nest

Posted in Pentest by Bryan Lee Leave a Comment

HackTheBox machine “Nest” , SPOILER ALERT INI DIFFICULTY NYA TIDAK EASY , AT LEAST MEDIUM (?) Mari kita nmap dengan syntax biasa, nmap -sV -sC -A 10.10.10.178

Starting Nmap 7.80 ( https://nmap.org ) at 2020-04-01 08:14 EDT
Nmap scan report for nest.htb (10.10.10.178)
Host is up (0.27s latency).
Not shown: 999 filtered ports
PORT    STATE SERVICE       VERSION
445/tcp open  microsoft-ds?

Host script results:
|_clock-skew: 2m25s
| smb2-security-mode: 
|   2.02: 
|_    Message signing enabled but not required
| smb2-time: 
|   date: 2020-04-01T12:17:25
|_  start_date: 2020-04-01T04:15:20

Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 80.76 seconds

Starting Nmap 7.80 ( https://nmap.org ) at 2020-04-01 08:14 EDT

Nmap scan report for nest.htb (10.10.10.178)

Host is up (0.27s latency).

Not shown: 999 filtered ports

PORT STATE SERVICE VERSION

445/tcp open microsoft-ds?

Host script results:

|_clock-skew: 2m25s

| smb2-security-mode:

| 2.02:

|_ Message signing enabled but not required

| smb2-time:

| date: 2020-04-01T12:17:25

|_ start_date: 2020-04-01T04:15:20

Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .

Nmap done: 1 IP address (1 host up) scanned in 80.76 seconds

Port yang open hanya samba share, mari kita listing share yang ada di port 445 tersebut

smbclient -L //10.10.10.178

1	smbclient -L //10.10.10.178

Ada beberapa share yang menarik yaitu Data, Secure$ dan Users […]

March 25, 2020May 31, 2020

[HackTheBox] – Resolute

Posted in Pentest by Bryan Lee Leave a Comment

HackTheBox Resolute dengan OS Windows Sebelumnya penulis merasa paling enak kalau ketemu box windows tuh ya enumnya pakai sparta, karena udah include smbenum, nmap, semua kebutuhan enumeration ditanganin sparta. Tapi for some reason kali ini sparta ku rusak :'( jadi mau ga mau sedikit manual Mari kita mulai dengan nmap

Starting Nmap 7.80 ( https://nmap.org ) at 2020-03-21 00:20 EDT
Nmap scan report for 10.10.10.169
Host is up (0.25s latency).
Not shown: 989 closed ports
PORT     STATE SERVICE      VERSION
53/tcp   open  domain?
| fingerprint-strings: 
|   DNSVersionBindReqTCP: 
|     version
|_    bind
88/tcp   open  kerberos-sec Microsoft Windows Kerberos (server time: 2020-03-21 04:30:38Z)
135/tcp  open  msrpc        Microsoft Windows RPC
139/tcp  open  netbios-ssn  Microsoft Windows netbios-ssn
389/tcp  open  ldap         Microsoft Windows Active Directory LDAP (Domain: megabank.local, Site: Default-First-Site-Name)
445/tcp  open  microsoft-ds Windows Server 2016 Standard 14393 microsoft-ds (workgroup: MEGABANK)
464/tcp  open  kpasswd5?
593/tcp  open  ncacn_http   Microsoft Windows RPC over HTTP 1.0
636/tcp  open  tcpwrapped
3268/tcp open  ldap         Microsoft Windows Active Directory LDAP (Domain: megabank.local, Site: Default-First-Site-Name)
3269/tcp open  tcpwrapped
1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at https://nmap.org/cgi-bin/submit.cgi?new-service :
SF-Port53-TCP:V=7.80%I=7%D=3/21%Time=5E75964B%P=x86_64-pc-linux-gnu%r(DNSV
SF:ersionBindReqTCP,20,"\0\x1e\0\x06\x81\x04\0\x01\0\0\0\0\0\0\x07version\
SF:x04bind\0\0\x10\0\x03");
No exact OS matches for host (If you know what OS is running on it, see https://nmap.org/submit/ ).
TCP/IP fingerprint:
OS:SCAN(V=7.80%E=4%D=3/21%OT=53%CT=1%CU=36449%PV=Y%DS=2%DC=T%G=Y%TM=5E75976
OS:6%P=x86_64-pc-linux-gnu)SEQ(SP=107%GCD=1%ISR=109%TI=I%CI=I%TS=A)SEQ(SP=1
OS:07%GCD=1%ISR=109%TI=I%CI=I%II=I%SS=S%TS=A)SEQ(SP=107%GCD=1%ISR=109%TI=I%
OS:II=I%SS=S%TS=A)OPS(O1=M54DNW8ST11%O2=M54DNW8ST11%O3=M54DNW8NNT11%O4=M54D
OS:NW8ST11%O5=M54DNW8ST11%O6=M54DST11)WIN(W1=2000%W2=2000%W3=2000%W4=2000%W
OS:5=2000%W6=2000)ECN(R=Y%DF=Y%T=80%W=2000%O=M54DNW8NNS%CC=Y%Q=)T1(R=Y%DF=Y
OS:%T=80%S=O%A=S+%F=AS%RD=0%Q=)T2(R=Y%DF=Y%T=80%W=0%S=Z%A=S%F=AR%O=%RD=0%Q=
OS:)T3(R=Y%DF=Y%T=80%W=0%S=Z%A=O%F=AR%O=%RD=0%Q=)T4(R=Y%DF=Y%T=80%W=0%S=A%A
OS:=O%F=R%O=%RD=0%Q=)T5(R=Y%DF=Y%T=80%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)T6(R=Y%D
OS:F=Y%T=80%W=0%S=A%A=O%F=R%O=%RD=0%Q=)T7(R=Y%DF=Y%T=80%W=0%S=Z%A=S+%F=AR%O
OS:=%RD=0%Q=)U1(R=Y%DF=N%T=80%IPL=164%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUD=
OS:G)IE(R=Y%DFI=N%T=80%CD=Z)

Network Distance: 2 hops
Service Info: Host: RESOLUTE; OS: Windows; CPE: cpe:/o:microsoft:windows

Host script results:
|_clock-skew: mean: 2h29m12s, deviation: 4h02m30s, median: 9m11s
| smb-os-discovery: 
|   OS: Windows Server 2016 Standard 14393 (Windows Server 2016 Standard 6.3)
|   Computer name: Resolute
|   NetBIOS computer name: RESOLUTE\x00
|   Domain name: megabank.local
|   Forest name: megabank.local
|   FQDN: Resolute.megabank.local
|_  System time: 2020-03-20T21:33:12-07:00
| smb-security-mode: 
|   account_used: <blank>
|   authentication_level: user
|   challenge_response: supported
|_  message_signing: required
| smb2-security-mode: 
|   2.02: 
|_    Message signing enabled and required
| smb2-time: 
|   date: 2020-03-21T04:33:13
|_  start_date: 2020-03-20T20:22:10

TRACEROUTE (using port 8080/tcp)
HOP RTT       ADDRESS
1   262.23 ms 10.10.14.1
2   262.35 ms 10.10.10.169

OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 318.13 seconds

Starting Nmap 7.80 ( https://nmap.org ) at 2020-03-21 00:20 EDT

Nmap scan report for 10.10.10.169

Host is up (0.25s latency).

Not shown: 989 closed ports

PORT STATE SERVICE VERSION

53/tcp open domain?

| fingerprint-strings:

| DNSVersionBindReqTCP:

| version

|_ bind

88/tcp open kerberos-sec Microsoft Windows Kerberos (server time: 2020-03-21 04:30:38Z)

135/tcp open msrpc Microsoft Windows RPC

139/tcp open netbios-ssn Microsoft Windows netbios-ssn

389/tcp open ldap Microsoft Windows Active Directory LDAP (Domain: megabank.local, Site: Default-First-Site-Name)

445/tcp open microsoft-ds Windows Server 2016 Standard 14393 microsoft-ds (workgroup: MEGABANK)

464/tcp open kpasswd5?

593/tcp open ncacn_http Microsoft Windows RPC over HTTP 1.0

636/tcp open tcpwrapped

3268/tcp open ldap Microsoft Windows Active Directory LDAP (Domain: megabank.local, Site: Default-First-Site-Name)

3269/tcp open tcpwrapped

1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at https://nmap.org/cgi-bin/submit.cgi?new-service :

SF-Port53-TCP:V=7.80%I=7%D=3/21%Time=5E75964B%P=x86_64-pc-linux-gnu%r(DNSV

SF:ersionBindReqTCP,20,"\0\x1e\0\x06\x81\x04\0\x01\0\0\0\0\0\0\x07version\

SF:x04bind\0\0\x10\0\x03");

No exact OS matches for host (If you know what OS is running on it, see https://nmap.org/submit/ ).

TCP/IP fingerprint:

OS:SCAN(V=7.80%E=4%D=3/21%OT=53%CT=1%CU=36449%PV=Y%DS=2%DC=T%G=Y%TM=5E75976

OS:6%P=x86_64-pc-linux-gnu)SEQ(SP=107%GCD=1%ISR=109%TI=I%CI=I%TS=A)SEQ(SP=1

OS:07%GCD=1%ISR=109%TI=I%CI=I%II=I%SS=S%TS=A)SEQ(SP=107%GCD=1%ISR=109%TI=I%

OS:II=I%SS=S%TS=A)OPS(O1=M54DNW8ST11%O2=M54DNW8ST11%O3=M54DNW8NNT11%O4=M54D

OS:NW8ST11%O5=M54DNW8ST11%O6=M54DST11)WIN(W1=2000%W2=2000%W3=2000%W4=2000%W

OS:5=2000%W6=2000)ECN(R=Y%DF=Y%T=80%W=2000%O=M54DNW8NNS%CC=Y%Q=)T1(R=Y%DF=Y

OS:%T=80%S=O%A=S+%F=AS%RD=0%Q=)T2(R=Y%DF=Y%T=80%W=0%S=Z%A=S%F=AR%O=%RD=0%Q=

OS:)T3(R=Y%DF=Y%T=80%W=0%S=Z%A=O%F=AR%O=%RD=0%Q=)T4(R=Y%DF=Y%T=80%W=0%S=A%A

OS:=O%F=R%O=%RD=0%Q=)T5(R=Y%DF=Y%T=80%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)T6(R=Y%D

OS:F=Y%T=80%W=0%S=A%A=O%F=R%O=%RD=0%Q=)T7(R=Y%DF=Y%T=80%W=0%S=Z%A=S+%F=AR%O

OS:=%RD=0%Q=)U1(R=Y%DF=N%T=80%IPL=164%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUD=

OS:G)IE(R=Y%DFI=N%T=80%CD=Z)

Network Distance: 2 hops

Service Info: Host: RESOLUTE; OS: Windows; CPE: cpe:/o:microsoft:windows

Host script results:

|_clock-skew: mean: 2h29m12s, deviation: 4h02m30s, median: 9m11s

| smb-os-discovery:

| OS: Windows Server 2016 Standard 14393 (Windows Server 2016 Standard 6.3)

| Computer name: Resolute

| NetBIOS computer name: RESOLUTE\x00

| Domain name: megabank.local

| Forest name: megabank.local

| FQDN: Resolute.megabank.local

|_ System time: 2020-03-20T21:33:12-07:00

| smb-security-mode:

| account_used: <blank>

| authentication_level: user

| challenge_response: supported

|_ message_signing: required

| smb2-security-mode:

| 2.02:

|_ Message signing enabled and required

| smb2-time:

| date: 2020-03-21T04:33:13

|_ start_date: 2020-03-20T20:22:10

TRACEROUTE (using port 8080/tcp)

HOP RTT ADDRESS

1 262.23 ms 10.10.14.1

2 262.35 ms 10.10.10.169

OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .

Nmap done: 1 IP address (1 host up) scanned in 318.13 seconds

Kita mendapatkan beberapa open […]

February 26, 2020May 14, 2020

[HackTheBox] – Forest

Posted in Pentest by Bryan Lee Leave a Comment

Hack The Box – Forest Machine Kali ini kita akan mengerjakan box dengan OS Windows, OS yang dibenci banyak kalangan orang haha, termasuks saya. First time windows box. Terlihat dari review yang diberikan orang orang bahwa kita akan banyak berurusan dengan situasi real life, enumerasi dan eksplotasi menggunakan CVE. Mari kita mulai, pertama akan kita […]

February 26, 2020May 14, 2020

[HackTheBox] – Obscurity

Posted in Pentest by Bryan Lee Leave a Comment

HackTheBox Obscurity Mari kita lakukan recon pertama-tama, dengan menggunakan nmap

Starting Nmap 7.80 ( https://nmap.org ) at 2019-12-06 00:54 EST
Nmap scan report for 10.10.10.168
Host is up (0.31s latency).
Not shown: 996 filtered ports
PORT     STATE  SERVICE    VERSION
22/tcp   open   ssh        OpenSSH 7.6p1 Ubuntu 4ubuntu0.3 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey: 
|   2048 33:d3:9a:0d:97:2c:54:20:e1:b0:17:34:f4:ca:70:1b (RSA)
|   256 f6:8b:d5:73:97:be:52:cb:12:ea:8b:02:7c:34:a3:d7 (ECDSA)
|_  256 e8:df:55:78:76:85:4b:7b:dc:70:6a:fc:40:cc:ac:9b (ED25519)
80/tcp   closed http
8080/tcp open   http-proxy BadHTTPServer
| fingerprint-strings: 
|   GetRequest: 
|     HTTP/1.1 200 OK
|     Date: Fri, 06 Dec 2019 05:55:37
|     Server: BadHTTPServer
|     Last-Modified: Fri, 06 Dec 2019 05:55:37
|     Content-Length: 4171
|     Content-Type: text/html
|     Connection: Closed
|     <!DOCTYPE html>
|     <html lang="en">
|     <head>
|     <meta charset="utf-8">
|     <title>0bscura</title>
|     <meta http-equiv="X-UA-Compatible" content="IE=Edge">
|     <meta name="viewport" content="width=device-width, initial-scale=1">
|     <meta name="keywords" content="">
|     <meta name="description" content="">
|     <!-- 
|     Easy Profile Template
|     http://www.templatemo.com/tm-467-easy-profile
|     <!-- stylesheet css -->
|     <link rel="stylesheet" href="css/bootstrap.min.css">
|     <link rel="stylesheet" href="css/font-awesome.min.css">
|     <link rel="stylesheet" href="css/templatemo-blue.css">
|     </head>
|     <body data-spy="scroll" data-target=".navbar-collapse">
|     <!-- preloader section -->
|     <!--
|     <div class="preloader">
|     <div class="sk-spinner sk-spinner-wordpress">
|   HTTPOptions: 
|     HTTP/1.1 200 OK
|     Date: Fri, 06 Dec 2019 05:55:38
|     Server: BadHTTPServer
|     Last-Modified: Fri, 06 Dec 2019 05:55:38
|     Content-Length: 4171
|     Content-Type: text/html
|     Connection: Closed
|     <!DOCTYPE html>
|     <html lang="en">
|     <head>
|     <meta charset="utf-8">
|     <title>0bscura</title>
|     <meta http-equiv="X-UA-Compatible" content="IE=Edge">
|     <meta name="viewport" content="width=device-width, initial-scale=1">
|     <meta name="keywords" content="">
|     <meta name="description" content="">
|     <!-- 
|     Easy Profile Template
|     http://www.templatemo.com/tm-467-easy-profile
|     <!-- stylesheet css -->
|     <link rel="stylesheet" href="css/bootstrap.min.css">
|     <link rel="stylesheet" href="css/font-awesome.min.css">
|     <link rel="stylesheet" href="css/templatemo-blue.css">
|     </head>
|     <body data-spy="scroll" data-target=".navbar-collapse">
|     <!-- preloader section -->
|     <!--
|     <div class="preloader">
|_    <div class="sk-spinner sk-spinner-wordpress">
|_http-server-header: BadHTTPServer
|_http-title: 0bscura
9000/tcp closed cslistener
1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at https://nmap.org/cgi-bin/submit.cgi?new-service :
SF-Port8080-TCP:V=7.80%I=7%D=12/6%Time=5DE9ED1C%P=x86_64-pc-linux-gnu%r(Ge
SF:tRequest,10FC,"HTTP/1\.1\x20200\x20OK\nDate:\x20Fri,\x2006\x20Dec\x2020
SF:19\x2005:55:37\nServer:\x20BadHTTPServer\nLast-Modified:\x20Fri,\x2006\
SF:x20Dec\x202019\x2005:55:37\nContent-Length:\x204171\nContent-Type:\x20t
SF:ext/html\nConnection:\x20Closed\n\n<!DOCTYPE\x20html>\n<html\x20lang=\"
SF:en\">\n<head>\n\t<meta\x20charset=\"utf-8\">\n\t<title>0bscura</title>\
SF:n\t<meta\x20http-equiv=\"X-UA-Compatible\"\x20content=\"IE=Edge\">\n\t<
SF:meta\x20name=\"viewport\"\x20content=\"width=device-width,\x20initial-s
SF:cale=1\">\n\t<meta\x20name=\"keywords\"\x20content=\"\">\n\t<meta\x20na
SF:me=\"description\"\x20content=\"\">\n<!--\x20\nEasy\x20Profile\x20Templ
SF:ate\nhttp://www\.templatemo\.com/tm-467-easy-profile\n-->\n\t<!--\x20st
SF:ylesheet\x20css\x20-->\n\t<link\x20rel=\"stylesheet\"\x20href=\"css/boo
SF:tstrap\.min\.css\">\n\t<link\x20rel=\"stylesheet\"\x20href=\"css/font-a
SF:wesome\.min\.css\">\n\t<link\x20rel=\"stylesheet\"\x20href=\"css/templa
SF:temo-blue\.css\">\n</head>\n<body\x20data-spy=\"scroll\"\x20data-target
SF:=\"\.navbar-collapse\">\n\n<!--\x20preloader\x20section\x20-->\n<!--\n<
SF:div\x20class=\"preloader\">\n\t<div\x20class=\"sk-spinner\x20sk-spinner
SF:-wordpress\">\n")%r(HTTPOptions,10FC,"HTTP/1\.1\x20200\x20OK\nDate:\x20
SF:Fri,\x2006\x20Dec\x202019\x2005:55:38\nServer:\x20BadHTTPServer\nLast-M
SF:odified:\x20Fri,\x2006\x20Dec\x202019\x2005:55:38\nContent-Length:\x204
SF:171\nContent-Type:\x20text/html\nConnection:\x20Closed\n\n<!DOCTYPE\x20
SF:html>\n<html\x20lang=\"en\">\n<head>\n\t<meta\x20charset=\"utf-8\">\n\t
SF:<title>0bscura</title>\n\t<meta\x20http-equiv=\"X-UA-Compatible\"\x20co
SF:ntent=\"IE=Edge\">\n\t<meta\x20name=\"viewport\"\x20content=\"width=dev
SF:ice-width,\x20initial-scale=1\">\n\t<meta\x20name=\"keywords\"\x20conte
SF:nt=\"\">\n\t<meta\x20name=\"description\"\x20content=\"\">\n<!--\x20\nE
SF:asy\x20Profile\x20Template\nhttp://www\.templatemo\.com/tm-467-easy-pro
SF:file\n-->\n\t<!--\x20stylesheet\x20css\x20-->\n\t<link\x20rel=\"stylesh
SF:eet\"\x20href=\"css/bootstrap\.min\.css\">\n\t<link\x20rel=\"stylesheet
SF:\"\x20href=\"css/font-awesome\.min\.css\">\n\t<link\x20rel=\"stylesheet
SF:\"\x20href=\"css/templatemo-blue\.css\">\n</head>\n<body\x20data-spy=\"
SF:scroll\"\x20data-target=\"\.navbar-collapse\">\n\n<!--\x20preloader\x20
SF:section\x20-->\n<!--\n<div\x20class=\"preloader\">\n\t<div\x20class=\"s
SF:k-spinner\x20sk-spinner-wordpress\">\n");
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel

Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 55.18 seconds

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

Starting Nmap 7.80 ( https://nmap.org ) at 2019-12-06 00:54 EST

Nmap scan report for 10.10.10.168

Host is up (0.31s latency).

Not shown: 996 filtered ports

PORT STATE SERVICE VERSION

22/tcp open ssh OpenSSH 7.6p1 Ubuntu 4ubuntu0.3 (Ubuntu Linux; protocol 2.0)

| ssh-hostkey:

| 2048 33:d3:9a:0d:97:2c:54:20:e1:b0:17:34:f4:ca:70:1b (RSA)

| 256 f6:8b:d5:73:97:be:52:cb:12:ea:8b:02:7c:34:a3:d7 (ECDSA)

|_ 256 e8:df:55:78:76:85:4b:7b:dc:70:6a:fc:40:cc:ac:9b (ED25519)

80/tcp closed http

8080/tcp open http-proxy BadHTTPServer

| fingerprint-strings:

| GetRequest:

| HTTP/1.1 200 OK

| Date: Fri, 06 Dec 2019 05:55:37

| Server: BadHTTPServer

| Last-Modified: Fri, 06 Dec 2019 05:55:37

| Content-Length: 4171

| Content-Type: text/html

| Connection: Closed

| <!DOCTYPE html>

| <html lang="en">

| <head>

| <meta charset="utf-8">

| <title>0bscura</title>

| <meta http-equiv="X-UA-Compatible" content="IE=Edge">

| <meta name="viewport" content="width=device-width, initial-scale=1">

| <meta name="keywords" content="">

| <meta name="description" content="">

| <!--

| Easy Profile Template

| http://www.templatemo.com/tm-467-easy-profile

|

| <link rel="stylesheet" href="css/bootstrap.min.css">

| <link rel="stylesheet" href="css/font-awesome.min.css">

| <link rel="stylesheet" href="css/templatemo-blue.css">

| </head>

| <body data-spy="scroll" data-target=".navbar-collapse">

|

| <!--

| <div class="preloader">

| <div class="sk-spinner sk-spinner-wordpress">

| HTTPOptions:

| HTTP/1.1 200 OK

| Date: Fri, 06 Dec 2019 05:55:38

| Server: BadHTTPServer

| Last-Modified: Fri, 06 Dec 2019 05:55:38

| Content-Length: 4171

| Content-Type: text/html

| Connection: Closed

| <!DOCTYPE html>

| <html lang="en">

| <head>

| <meta charset="utf-8">

| <title>0bscura</title>

| <meta http-equiv="X-UA-Compatible" content="IE=Edge">

| <meta name="viewport" content="width=device-width, initial-scale=1">

| <meta name="keywords" content="">

| <meta name="description" content="">

| <!--

| Easy Profile Template

| http://www.templatemo.com/tm-467-easy-profile

|

| <link rel="stylesheet" href="css/bootstrap.min.css">

| <link rel="stylesheet" href="css/font-awesome.min.css">

| <link rel="stylesheet" href="css/templatemo-blue.css">

| </head>

| <body data-spy="scroll" data-target=".navbar-collapse">

|

| <!--

| <div class="preloader">

|_ <div class="sk-spinner sk-spinner-wordpress">

|_http-server-header: BadHTTPServer

|_http-title: 0bscura

9000/tcp closed cslistener

1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at https://nmap.org/cgi-bin/submit.cgi?new-service :

SF-Port8080-TCP:V=7.80%I=7%D=12/6%Time=5DE9ED1C%P=x86_64-pc-linux-gnu%r(Ge

SF:tRequest,10FC,"HTTP/1\.1\x20200\x20OK\nDate:\x20Fri,\x2006\x20Dec\x2020

SF:19\x2005:55:37\nServer:\x20BadHTTPServer\nLast-Modified:\x20Fri,\x2006\

SF:x20Dec\x202019\x2005:55:37\nContent-Length:\x204171\nContent-Type:\x20t

SF:ext/html\nConnection:\x20Closed\n\n<!DOCTYPE\x20html>\n<html\x20lang=\"

SF:en\">\n<head>\n\t<meta\x20charset=\"utf-8\">\n\t<title>0bscura</title>\

SF:n\t<meta\x20http-equiv=\"X-UA-Compatible\"\x20content=\"IE=Edge\">\n\t<

SF:meta\x20name=\"viewport\"\x20content=\"width=device-width,\x20initial-s

SF:cale=1\">\n\t<meta\x20name=\"keywords\"\x20content=\"\">\n\t<meta\x20na

SF:me=\"description\"\x20content=\"\">\n<!--\x20\nEasy\x20Profile\x20Templ

SF:ate\nhttp://www\.templatemo\.com/tm-467-easy-profile\n-->\n\t<!--\x20st

SF:ylesheet\x20css\x20-->\n\t<link\x20rel=\"stylesheet\"\x20href=\"css/boo

SF:tstrap\.min\.css\">\n\t<link\x20rel=\"stylesheet\"\x20href=\"css/font-a

SF:wesome\.min\.css\">\n\t<link\x20rel=\"stylesheet\"\x20href=\"css/templa

SF:temo-blue\.css\">\n</head>\n<body\x20data-spy=\"scroll\"\x20data-target

SF:=\"\.navbar-collapse\">\n\n\n<!--\n<

SF:div\x20class=\"preloader\">\n\t<div\x20class=\"sk-spinner\x20sk-spinner

SF:-wordpress\">\n")%r(HTTPOptions,10FC,"HTTP/1\.1\x20200\x20OK\nDate:\x20

SF:Fri,\x2006\x20Dec\x202019\x2005:55:38\nServer:\x20BadHTTPServer\nLast-M

SF:odified:\x20Fri,\x2006\x20Dec\x202019\x2005:55:38\nContent-Length:\x204

SF:171\nContent-Type:\x20text/html\nConnection:\x20Closed\n\n<!DOCTYPE\x20

SF:html>\n<html\x20lang=\"en\">\n<head>\n\t<meta\x20charset=\"utf-8\">\n\t

SF:<title>0bscura</title>\n\t<meta\x20http-equiv=\"X-UA-Compatible\"\x20co

SF:ntent=\"IE=Edge\">\n\t<meta\x20name=\"viewport\"\x20content=\"width=dev

SF:ice-width,\x20initial-scale=1\">\n\t<meta\x20name=\"keywords\"\x20conte

SF:nt=\"\">\n\t<meta\x20name=\"description\"\x20content=\"\">\n<!--\x20\nE

SF:asy\x20Profile\x20Template\nhttp://www\.templatemo\.com/tm-467-easy-pro

SF:file\n-->\n\t\n\t<link\x20rel=\"stylesh

SF:eet\"\x20href=\"css/bootstrap\.min\.css\">\n\t<link\x20rel=\"stylesheet

SF:\"\x20href=\"css/font-awesome\.min\.css\">\n\t<link\x20rel=\"stylesheet

SF:\"\x20href=\"css/templatemo-blue\.css\">\n</head>\n<body\x20data-spy=\"

SF:scroll\"\x20data-target=\"\.navbar-collapse\">\n\n<!--\x20preloader\x20

SF:section\x20-->\n<!--\n<div\x20class=\"preloader\">\n\t<div\x20class=\"s

SF:k-spinner\x20sk-spinner-wordpress\">\n");

Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel

Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .

Nmap done: 1 IP address (1 host up) scanned in 55.18 seconds

Mari kita coba akses service http yang ada di port 8080 Ada tampilan seperti halaman blog tentang 0bscura, jika scroll kebawah maka kita akan mendapatkan clue seperti Nampaknya pembuat box menginginkan kita menemukan script python SuperSecureServer.py yang ada di sebuah directory. Maka untuk mencarinya […]

February 26, 2020May 14, 2020

[HackTheBox] – Postman

Posted in Pentest by Bryan Lee Leave a Comment

HackTheBox Postman, dengan OS Linux menurut player HackTheBox lain yang sudah mengerjakan, box ini akan berorientasi pada exploitasi CVE. Mari kita lakukan enumerasi pertama dengan melakukan nmap

Starting Nmap 7.80 ( https://nmap.org ) at 2020-02-13 01:27 EST
Nmap scan report for 10.10.10.160
Host is up (0.33s latency).
Not shown: 997 closed ports
PORT      STATE SERVICE VERSION
22/tcp    open  ssh     OpenSSH 7.6p1 Ubuntu 4ubuntu0.3 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey: 
|   2048 46:83:4f:f1:38:61:c0:1c:74:cb:b5:d1:4a:68:4d:77 (RSA)
|   256 2d:8d:27:d2:df:15:1a:31:53:05:fb:ff:f0:62:26:89 (ECDSA)
|_  256 ca:7c:82:aa:5a:d3:72:ca:8b:8a:38:3a:80:41:a0:45 (ED25519)
80/tcp    open  http    Apache httpd 2.4.29 ((Ubuntu))
|_http-server-header: Apache/2.4.29 (Ubuntu)
|_http-title: The Cyber Geek's Personal Website
6379/tcp open  redis   Redis key-value store 4.0.9
10000/tcp open  http    MiniServ 1.910 (Webmin httpd)
| http-robots.txt: 1 disallowed entry 
|_/
|_http-server-header: MiniServ/1.910
|_http-title: Site doesn't have a title (text/html; Charset=iso-8859-1).
No exact OS matches for host (If you know what OS is running on it, see https://nmap.org/submit/ ).
TCP/IP fingerprint:
OS:SCAN(V=7.80%E=4%D=2/13%OT=22%CT=1%CU=36676%PV=Y%DS=2%DC=T%G=Y%TM=5E44EC9
OS:1%P=x86_64-pc-linux-gnu)SEQ(SP=107%GCD=1%ISR=10C%TI=Z%TS=A)SEQ(SP=107%GC
OS:D=1%ISR=10D%TI=Z%CI=Z%TS=9)SEQ(SP=107%GCD=1%ISR=10C%TI=Z%CI=Z%II=I%TS=D)
OS:OPS(O1=M54DST11NW7%O2=M54DST11NW7%O3=M54DNNT11NW7%O4=M54DST11NW7%O5=M54D
OS:ST11NW7%O6=M54DST11)WIN(W1=7120%W2=7120%W3=7120%W4=7120%W5=7120%W6=7120)
OS:ECN(R=N)ECN(R=Y%DF=Y%T=40%W=7210%O=M54DNNSNW7%CC=Y%Q=)T1(R=Y%DF=Y%TG=40%
OS:S=O%A=S+%F=AS%RD=0%Q=)T1(R=Y%DF=Y%T=40%S=O%A=S+%F=AS%RD=0%Q=)T2(R=N)T3(R
OS:=N)T4(R=N)T4(R=Y%DF=Y%T=40%W=0%S=O%A=Z%F=R%O=%RD=0%Q=)T5(R=N)T5(R=Y%DF=Y
OS:%T=40%W=0%S=Z%A=O%F=AR%O=%RD=0%Q=)T6(R=N)T6(R=Y%DF=Y%T=40%W=0%S=O%A=Z%F=
OS:R%O=%RD=0%Q=)T7(R=N)T7(R=Y%DF=Y%T=40%W=0%S=Z%A=O%F=AR%O=%RD=0%Q=)U1(R=N)
OS:U1(R=Y%DF=N%T=40%IPL=164%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUD=G)IE(R=N)I
OS:E(R=Y%DFI=N%T=40%CD=S)

Network Distance: 2 hops
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel

TRACEROUTE (using port 110/tcp)
HOP RTT       ADDRESS
1   342.08 ms 10.10.14.1
2   333.33 ms 10.10.10.160

OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 84.91 seconds

Starting Nmap 7.80 ( https://nmap.org ) at 2020-02-13 01:27 EST

Nmap scan report for 10.10.10.160

Host is up (0.33s latency).

Not shown: 997 closed ports

PORT STATE SERVICE VERSION

22/tcp open ssh OpenSSH 7.6p1 Ubuntu 4ubuntu0.3 (Ubuntu Linux; protocol 2.0)

| ssh-hostkey:

| 2048 46:83:4f:f1:38:61:c0:1c:74:cb:b5:d1:4a:68:4d:77 (RSA)

| 256 2d:8d:27:d2:df:15:1a:31:53:05:fb:ff:f0:62:26:89 (ECDSA)

|_ 256 ca:7c:82:aa:5a:d3:72:ca:8b:8a:38:3a:80:41:a0:45 (ED25519)

80/tcp open http Apache httpd 2.4.29 ((Ubuntu))

|_http-server-header: Apache/2.4.29 (Ubuntu)

|_http-title: The Cyber Geek's Personal Website

6379/tcp open redis Redis key-value store 4.0.9

10000/tcp open http MiniServ 1.910 (Webmin httpd)

| http-robots.txt: 1 disallowed entry

|_/

|_http-server-header: MiniServ/1.910

|_http-title: Site doesn't have a title (text/html; Charset=iso-8859-1).

No exact OS matches for host (If you know what OS is running on it, see https://nmap.org/submit/ ).

TCP/IP fingerprint:

OS:SCAN(V=7.80%E=4%D=2/13%OT=22%CT=1%CU=36676%PV=Y%DS=2%DC=T%G=Y%TM=5E44EC9

OS:1%P=x86_64-pc-linux-gnu)SEQ(SP=107%GCD=1%ISR=10C%TI=Z%TS=A)SEQ(SP=107%GC

OS:D=1%ISR=10D%TI=Z%CI=Z%TS=9)SEQ(SP=107%GCD=1%ISR=10C%TI=Z%CI=Z%II=I%TS=D)

OS:OPS(O1=M54DST11NW7%O2=M54DST11NW7%O3=M54DNNT11NW7%O4=M54DST11NW7%O5=M54D

OS:ST11NW7%O6=M54DST11)WIN(W1=7120%W2=7120%W3=7120%W4=7120%W5=7120%W6=7120)

OS:ECN(R=N)ECN(R=Y%DF=Y%T=40%W=7210%O=M54DNNSNW7%CC=Y%Q=)T1(R=Y%DF=Y%TG=40%

OS:S=O%A=S+%F=AS%RD=0%Q=)T1(R=Y%DF=Y%T=40%S=O%A=S+%F=AS%RD=0%Q=)T2(R=N)T3(R

OS:=N)T4(R=N)T4(R=Y%DF=Y%T=40%W=0%S=O%A=Z%F=R%O=%RD=0%Q=)T5(R=N)T5(R=Y%DF=Y

OS:%T=40%W=0%S=Z%A=O%F=AR%O=%RD=0%Q=)T6(R=N)T6(R=Y%DF=Y%T=40%W=0%S=O%A=Z%F=

OS:R%O=%RD=0%Q=)T7(R=N)T7(R=Y%DF=Y%T=40%W=0%S=Z%A=O%F=AR%O=%RD=0%Q=)U1(R=N)

OS:U1(R=Y%DF=N%T=40%IPL=164%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUD=G)IE(R=N)I

OS:E(R=Y%DFI=N%T=40%CD=S)

Network Distance: 2 hops

Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel

TRACEROUTE (using port 110/tcp)

HOP RTT ADDRESS

1 342.08 ms 10.10.14.1

2 333.33 ms 10.10.10.160

OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .

Nmap done: 1 IP address (1 host up) scanned in 84.91 seconds

Pertama, penulis membuka service yang running di port 10000 yaitu webmin. Perlu diketahui bahwa jika kita mengaksesnya dengan menggunakan http://10.10.10.160:10000 akan di forward ke page lain, tetapi […]