Shulou(Shulou.com)05/31 Report--

This article introduces you how to use HTB for Luke penetration testing, the content is very detailed, interested friends can refer to, hope to be helpful to you.

Basic information

Introduction: Hack The Box is an online penetration testing platform. It can help you improve your penetration testing skills and black box testing skills. The platform environment is a simulated real environment, which helps you better adapt to the penetration in the real environment.

Link: https://www.hackthebox.eu/home/machines/profile/190

Description:

Preface

This exercise uses the kali system to operate according to the penetration testing process, finds out the ports and services of the hotel through nmap scanning, obtains token information through enumeration, obtains users and passwords through the obtained tokens, and attempts to log in with these users, and finally uses root users to log in successfully to obtain root.txt.

1. Information collection 1. Target ip

The IP address is 10.129.2.37

2. Target machine port and service nmap-sV-A-O-T4 10.129.2.37

Open port 21 and allow anonymous login, open three http ports

Log in to ftp and download for_Chihiro.txt to kali for viewing

Temporarily know two user names: Chihiro Derry

3. Website information collection

(1) first check port 80, which is a html page without any useful information.

Enumerate through gobuster

Gobuster dir-u http://10.129.2.37-- wordlist=/usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt

Get useful directories / management and / config.php on port 80

This is a login interface.

But there is no password to collect other information and try again.

Enter / config.php and discover the existence of root user and password

(2) View port 3000

By enumerating

Gobuster dir-u http://10.129.2.37:3000-- wordlist=/usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt

Get two directories / login and / users

It is found that you need to obtain token information before you can proceed to the next step of detection.

(3) access port 8000

This is a login interface.

No useful information was found by enumeration

II. Loophole detection and utilization

Obtain token information by enumerating users on port 3000

Curl-XPOST http://10.129.2.37:3000/login-d 'username=admin&password=Zk6heYCyv6ZE9Xcg'; echo

Use this token to continue enumerating to get user information

Curl http://10.129.2.37:3000/users-H 'authorization:eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6ImFkbWluIiwiaWF0IjoxNjE1Nzg3MjE2LCJleHAiOjE2MTU4NzM2MTZ9.XBp0si9FqUP7j08jaYp0G7B23Sd-FDfi-OGMJI7oo1w' | jq.

Continue enumerating to get the user's password

Try to log in by getting the account number and password

Successfully log in to the management interface using the Derry user

Get the password in config.json: KpMasng6S5EtTy9Z

Finally, try to log in to port 8000

Password: root

Password: KpMasng6S5EtTy9Z

III. Promotion of rights

Discover the command port and create a new terminal

Because you log in directly using root, you don't need to raise the right to get the root.txt directly.

The target machine does not need to raise rights, but in the early stage, it needs to scan and collect information on the three ports, and it needs to make an enumeration attempt when the password is exploded, and finally get the password of the root account to log in and obtain root.txt.

On how to use HTB for Luke penetration testing is shared here, I hope the above content can be of some help to you, can learn more knowledge. If you think the article is good, you can share it for more people to see.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.