Basic Pentesting by Josiah Pierce

IP = 10.10.153.164*
Difficulty: Easy
Machine OS: Linux
Learning Platform: tryhackme.com
Finished on: Kali Linux VM

Reconnaissance

Syntax: sudo vi /etc/hosts, then press i to enter insert mode.

Syntax: export IP=10.10.153.164

Preliminary Enumeration

Open Ports and Service Versions:

- SSH (Secure Shell)(22), Version: OpenSSH 7.2p2
- HTTP (HyperText Transfer Protocol)(80) Version: Apache 2.4.18
- SMB (Server Message Block)(139 & 445), Version: Samba smbd 4.3.11-Ubuntu
- AJP13 (Apache JServ Protocol)(8009)
- HTTP-Proxy(8080), Version: Apache Tomcat 9.0.7

Machine OS: Ubuntu Xenial

Enumeration

dev.txt (about web development ideas)

j.txt (about password policy)

2. SMB Enumeration

Possible Usernames:

1. kay

2. jan

Possible Exploits

Exploitation

Credentials Found via Hydra

jan:armando

Privilege Escalation

Internal Enumeration

Horizontal Privilege Escalation

Explanation: we use ssh2john.py to convert the kay_id_rsa file into a hash that John can work on, and write it to a file named kay_id_rsa_hash.

Credentials Found by John

kay_id_rsa_hash:beeswax
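
A defender's check related to this step, as an added example that is not part of the original write-up: it lists private-key files whose mode lets group or other users read them, so that a short passphrase is not the only protection left. The /home root and the function names is_private_key and audit_keys are assumptions.

```shell
#!/bin/sh
# Added example: report private-key files that group or other users can read.
# Assumptions: keys live under a home-directory root such as /home, and the
# script runs with enough privilege to read the first line of each candidate.
# Parent-directory modes (e.g. a 700 ~/.ssh) are not evaluated here.

# is_private_key FILE -> succeeds if the first line is a PEM/OpenSSH
# private-key header (RSA, OPENSSH, EC, ENCRYPTED, or plain PKCS#8).
is_private_key() {
    head -n 1 "$1" 2>/dev/null | grep -q -e '-----BEGIN .*PRIVATE KEY-----'
}

# audit_keys ROOT -> prints one path per line for every private key whose
# permission bits include group-read (040) or other-read (004).
audit_keys() {
    find "$1" -type f \( -perm -040 -o -perm -004 \) 2>/dev/null |
    while IFS= read -r f; do
        if is_private_key "$f"; then
            printf '%s\n' "$f"
        fi
    done
}

# Run as a script: ./audit_keys.sh /home
if [ "${1:-}" != "" ]; then
    audit_keys "$1"
fi
```

Any path it prints should be tightened to mode 600 by its owner, and the key rotated if other accounts on the host could have copied it.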

Vertical Privilege Escalation

Note: Enumeration is key!

Credentials Found in Kay’s Home Directory

kay:hereisareallystrongpasswordthatfollowsthepasswordpolicy$$

STATUS: ROOTED

The next two steps are not necessary for completing the machine, but they complete the 5 Phases of Penetration Testing.

Post Exploitation / Maintaining Access

Clearing Tracks

Status: Finished

Feel free to reach out if there is something wrong with the above post.
