2025-03-15 Update From: SLTechnology News&Howtos
Shulou(Shulou.com)05/31 Report--
This article walks through a penetration test of the Hack The Box (HTB) machine Luke. The steps are covered in detail and are intended as a reference for interested readers.
Basic information
Introduction: Hack The Box is an online penetration testing platform for improving penetration testing and black-box testing skills. Its machines simulate real environments, which helps you prepare for testing in real environments.
Link: https://www.hackthebox.eu/home/machines/profile/190
Description:
Preface
This exercise uses Kali and follows the usual penetration testing process: an nmap scan identifies the target's ports and services, enumeration yields a token, the token is used to obtain users and passwords, logins are attempted with those users, and finally a successful login as root gives root.txt.
I. Information collection
1. Target IP
The IP address is 10.129.2.37
2. Target machine ports and services
nmap -sV -A -O -T4 10.129.2.37
Port 21 is open and allows anonymous login, and three HTTP ports are open.
Log in to FTP and download for_Chihiro.txt to Kali for viewing.
This gives two user names so far: Chihiro and Derry.
3. Website information collection
(1) First check port 80, which serves an HTML page without any useful information.
Enumerate with gobuster:
gobuster dir -u http://10.129.2.37 --wordlist=/usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt
This finds the useful paths /management and /config.php on port 80.
/management is a login interface.
There is no password for it yet, so collect more information and try again later.
Browsing to /config.php reveals a root user and password.
(2) View port 3000
Enumerate with gobuster:
gobuster dir -u http://10.129.2.37:3000 --wordlist=/usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt
This finds two paths, /login and /users.
A token has to be obtained before these can be probed any further.
(3) Access port 8000
This is a login interface.
Enumeration found no useful information.
II. Vulnerability detection and exploitation
Obtain a token by enumerating users on port 3000:
curl -XPOST http://10.129.2.37:3000/login -d 'username=admin&password=Zk6heYCyv6ZE9Xcg'; echo
Use this token to continue enumerating and get user information:
curl http://10.129.2.37:3000/users -H 'authorization: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6ImFkbWluIiwiaWF0IjoxNjE1Nzg3MjE2LCJleHAiOjE2MTU4NzM2MTZ9.XBp0si9FqUP7j08jaYp0G7B23Sd-FDfi-OGMJI7oo1w' | jq .
Continue enumerating to get the users' passwords.
Try to log in with the accounts and passwords obtained.
The Derry user successfully logs in to the management interface.
Get the password in config.json: KpMasng6S5EtTy9Z
Finally, try to log in on port 8000:
Username: root
Password: KpMasng6S5EtTy9Z
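The token sent to /users above is a JWT, whose header and claims are only base64url-encoded and can be read by anyone who sees the token. The following Python code is an added example, not part of the original article: it decodes the token from the curl command and reports its algorithm, claims and lifetime without verifying the signature (the signing key is not on this page); the function names are hypothetical.

```python
import base64
import json

# Token copied from the curl command in this article (issued in 2021, long expired).
TOKEN = ("eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9."
         "eyJ1c2VybmFtZSI6ImFkbWluIiwiaWF0IjoxNjE1Nzg3MjE2LCJleHAiOjE2MTU4NzM2MTZ9."
         "XBp0si9FqUP7j08jaYp0G7B23Sd-FDfi-OGMJI7oo1w")


def b64url_decode(segment: str) -> bytes:
    """Decode base64url, restoring the '=' padding that JWTs strip."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def inspect_jwt(token: str, now: int) -> dict:
    """Return header, claims and lifetime facts; the signature is NOT verified."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    header = json.loads(b64url_decode(parts[0]))
    claims = json.loads(b64url_decode(parts[1]))
    signature = b64url_decode(parts[2])
    iat, exp = claims.get("iat"), claims.get("exp")
    return {
        "alg": header.get("alg"),
        "claims": claims,  # readable by any holder of the token
        "signature_bytes": len(signature),
        "lifetime_seconds": exp - iat if iat is not None and exp is not None else None,
        "expired": exp is not None and now >= exp,
    }


if __name__ == "__main__":
    import time
    print(json.dumps(inspect_jwt(TOKEN, int(time.time())), indent=2))
```

For defenders, the output shows that nothing sensitive belongs in the claims and that a token issued at /login stays valid for its whole lifetime unless the server can revoke it.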
III. Privilege escalation
Find the command terminal entry and create a new terminal.
Because the login is already as root, no privilege escalation is needed and root.txt can be read directly.
The target machine does not require privilege escalation, but early on all three ports have to be scanned and enumerated, enumeration attempts are needed when brute-forcing the password, and finally the root account's password is obtained to log in and get root.txt.
That concludes this walkthrough of the HTB Luke penetration test. I hope the content above is of some help.