Moria: 1.1
23. Get hash credential
Scanning/Discovering/Enumeration
In browser, get pic
- navigate to the /w/h dir in the browser
- Check out the HTTP server in the browser
- then find directory _abyss/.
- nmap -sV 192.168.107.1/24
- ifconfig
nothing useful found
- using John the Ripper
Login Credentials in the given image.
- SSH login credential in plain text ✅
- privilege escalation ✅
Exploiting Vuln
24. Found the salt
no clue on web server
- dirb to check for any hidden directories
found another directory inside w/h/i/s/p/e/r. ⛔
7. On opening the_abyss, we got some text
- cluster of random texts
9. Noted them because they might be login credentials.
Success ✅
connect with FTP port
- FTP login
TCP Dump
- tcpdump -i eth0 dst 192.168.107.158
- password clue from the Hex value
- Get Mellon password
After logging in to FTP
- FTP Login credential ✅
- used pwd command
16. Found the path to be /prison, in hope of getting a flag.
17. But it was worthless ⛔
18. Then using the cd command
- found a folder named var ✅
- got to /var/www/html
- Then finally found the folder QlVraKW4fbIkXau9zkAPNGzviT3UKntl ⭐
Check out the browser
- Get Prisoner’s name and Passkey as ✅
Decryption can give us clue
privilege escalation
- SSH login
user credentials decrypted to log in over SSH
27. ssh Ori@192.168.1.125
- got the bash shell ✅
- running the ls -al command
For search flag
30. Found a text file named poem
But we didn’t find any flag inside it ⛔
look in the .ssh/ directory
Inside the flag.txt
- found the known_hosts file and id_rsa
contains the private key
- cat id_rsa command
use this information for ssh login as a root user. ✅
- found the host “127.0.0.1”
got the ROOT by
- ssh -i id_rsa root@127.0.0.1
ls -la command
35. Found a flag.txt.
36. Got the final message “All that is gold does not glitter”! 🚩 🚩 🚩