# CC: Pentesting

![](/files/-MddYruNxN_Mn6q3-uyw)

## Nmap

![](/files/-MddZM-Km6MNpPevaz7X)

Lets run nmap scans to find the answers to the questions

![](/files/-Mdd_L2WLtGl1ve-p1o6)

![](/files/-Mdd_caMS4WT06AInwJ3)

## Netcat

![](/files/-Mdd_terMYDH8HSPci7f)

## Gobuster

![](/files/-Mde1ySJXYlc9igheJki)

![](/files/-Mde247HSXLtRXHXdhMK)

Lets run gobuster to find the answers to the questions

![](/files/-Mde3M7YM3V03oEoMlgh)

![](/files/-Mde3PX0TcbIt48jaY4X)

## Nikto

![](/files/-Mde5pKiUlnoMsNMpac0)

## Metasploit

### Setting Up

![](/files/-Mde6IE-oe8wf49Fythp)

### Selecting a module

![](/files/-MdifGMPDknNoM3FGnTa)

![](/files/-MdifK8yl75CSHFdWp46)

### Meterpreter

![](/files/-MdifzV0MIX8OqtNPJ7i)

### Final Walkthrough

Lets select the module and set the options

![](/files/-MdihSodS7l1XkPgBrd8)

![](/files/-MdihX0hyGmV9QXcp_4S)

Lets run the exploit

![](/files/-MdijH-c4bPWLtJFTiD5)

![](/files/-Mdijg8sYV6a9TZnst8o)

![](/files/-MdijkrO7G1XR742KmfT)

![](/files/-MdijppopH2ZmMy8k6d5)

## Hashing

### Salting and Formatting

![](/files/-Mdik11hyoBneniUOKvo)

### Hashcat

![](/files/-MdikgN7zj74ZMbHnl9X)

Lets crack the first hash

![](/files/-Mdikr-KtgcsaIwPmv3c)

Lets crack the second hash

![](/files/-MdilAnMkKTuEndEeLf0)

### John The Ripper

![](/files/-MdilTQno2zr7PNlJ647)

Lets crack the first hash

![](/files/-MdimPKVLycccTtnL08f)

Lets crack the second hash

![](/files/-Mdin9itYgHm2bOEI10D)

## SQL Injection

### Sqlmap

![](/files/-Mdio9Go7_eiUGexKrkF)

![](/files/-MdioCgB9LwvZxzGnHnw)

## Samba

### Smbmap

![](/files/-MdirJrwt8TM3mLPsgq7)

### Smbclient

![](/files/-Mdirc3evINzzaNtAzgt)

## Final Exam

### Scanning

Lets run some nmap scans to find open ports and services

![](/files/-MdiskRmA54unPObIrNJ)

### Enumeration 

Lets visit the website

![](/files/-Mdit0j8l0Ffyt0PYpvj)

Its a default Apache page, lets run a gobuster scan to find open directories

![](/files/-MdiuIRLxbdkin5F-nj-)

Lets visit this directory

![](/files/-MdiuNUpa043zxRcVouj)

There is nothing

Lets look for files within this directory.

![](/files/-Mdj-lohG877YojlTzbG)

We find a file called secret.txt . Lets see it.

![](/files/-Mdiwcz7icu_LDTVQoOI)

We have a username and a hash, lets crack it using john the ripper.

### Exploitation

![](/files/-MdiwoVc6G_SYVOIMo7g)

Lets login through ssh and read the user flag

![](/files/-Mdix-Y4Npsfs-QUqY6o)

### Privilege Escalation

Lets run sudo -l to see what we can run as other users.

![](/files/-MdixDAhuhYLHX0DsCCd)

Ok so we can run "su" as root, lets do it.

![](/files/-MdixJ6SohtDUmr-LEH7)

We are now root, we can read the root flag

![](/files/-MdixRDDlLnXFbXWhF37)


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://writeups.adityadindi.com/tryhackme/walkthroughs-easy/cc-pentesting.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.