# CC: Pentesting

![](https://1569822153-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-Ma_-L-NUkJ1mxbddZG2%2F-MddE7h9IfaVtrheEjj7%2F-MddYruNxN_Mn6q3-uyw%2Fimage.png?alt=media\&token=c6a8a207-0900-4b12-97ab-26b0e7909036)

## Nmap

![](https://1569822153-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-Ma_-L-NUkJ1mxbddZG2%2F-MddZ7Qh0Ra4W58_yyQT%2F-MddZM-Km6MNpPevaz7X%2Fimage.png?alt=media\&token=ecf4cf73-6dfb-47fb-9e51-4aa7ca513173)

Let's run nmap scans to find the answers to the questions.

![](https://1569822153-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-Ma_-L-NUkJ1mxbddZG2%2F-MddZ7Qh0Ra4W58_yyQT%2F-Mdd_L2WLtGl1ve-p1o6%2Fimage.png?alt=media\&token=55a57bb0-e71e-4dc3-bebb-da77536f9d19)

![](https://1569822153-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-Ma_-L-NUkJ1mxbddZG2%2F-MddZ7Qh0Ra4W58_yyQT%2F-Mdd_caMS4WT06AInwJ3%2Fimage.png?alt=media\&token=1fb8ac43-7514-4250-8352-97feaa211e40)

## Netcat

![](https://1569822153-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-Ma_-L-NUkJ1mxbddZG2%2F-MddZ7Qh0Ra4W58_yyQT%2F-Mdd_terMYDH8HSPci7f%2Fimage.png?alt=media\&token=772c4051-334f-4146-bfb9-463e2e877a13)

## Gobuster

![](https://1569822153-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-Ma_-L-NUkJ1mxbddZG2%2F-MddZ7Qh0Ra4W58_yyQT%2F-Mde1ySJXYlc9igheJki%2Fimage.png?alt=media\&token=86042a8d-e8bf-4c4c-9768-31afe563c640)

![](https://1569822153-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-Ma_-L-NUkJ1mxbddZG2%2F-MddZ7Qh0Ra4W58_yyQT%2F-Mde247HSXLtRXHXdhMK%2Fimage.png?alt=media\&token=5a6b8463-bca3-4bce-8f0c-31c40c3f3c6e)

Let's run gobuster to find the answers to the questions.

![](https://1569822153-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-Ma_-L-NUkJ1mxbddZG2%2F-MddZ7Qh0Ra4W58_yyQT%2F-Mde3M7YM3V03oEoMlgh%2Fimage.png?alt=media\&token=df2cd8e2-7c2a-4459-bf86-641daffb5a19)

![](https://1569822153-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-Ma_-L-NUkJ1mxbddZG2%2F-MddZ7Qh0Ra4W58_yyQT%2F-Mde3PX0TcbIt48jaY4X%2Fimage.png?alt=media\&token=1edeac71-8cb5-4e49-a903-9a3f63704875)

## Nikto

![](https://1569822153-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-Ma_-L-NUkJ1mxbddZG2%2F-MddZ7Qh0Ra4W58_yyQT%2F-Mde5pKiUlnoMsNMpac0%2Fimage.png?alt=media\&token=67bb909d-6011-4ab2-8506-d439abbe54b6)

## Metasploit

### Setting Up

![](https://1569822153-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-Ma_-L-NUkJ1mxbddZG2%2F-MddZ7Qh0Ra4W58_yyQT%2F-Mde6IE-oe8wf49Fythp%2Fimage.png?alt=media\&token=695d2df9-3e1c-41d9-bbda-9dfb51af6d87)

### Selecting a module

![](https://1569822153-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-Ma_-L-NUkJ1mxbddZG2%2F-Mdi6pl3IJz0mhHLTVxJ%2F-MdifGMPDknNoM3FGnTa%2Fimage.png?alt=media\&token=e46d7bbb-d600-4c5e-b07f-09b19d551215)

![](https://1569822153-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-Ma_-L-NUkJ1mxbddZG2%2F-Mdi6pl3IJz0mhHLTVxJ%2F-MdifK8yl75CSHFdWp46%2Fimage.png?alt=media\&token=4095f97b-07cb-47e9-804f-868faa1a66a2)

### Meterpreter

![](https://1569822153-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-Ma_-L-NUkJ1mxbddZG2%2F-Mdi6pl3IJz0mhHLTVxJ%2F-MdifzV0MIX8OqtNPJ7i%2Fimage.png?alt=media\&token=829ce567-e534-49e4-823d-89136d026813)

### Final Walkthrough

Let's select the module and set the options.

![](https://1569822153-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-Ma_-L-NUkJ1mxbddZG2%2F-Mdi6pl3IJz0mhHLTVxJ%2F-MdihSodS7l1XkPgBrd8%2Fimage.png?alt=media\&token=e5213a79-6079-42fb-9702-54b617709438)

![](https://1569822153-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-Ma_-L-NUkJ1mxbddZG2%2F-Mdi6pl3IJz0mhHLTVxJ%2F-MdihX0hyGmV9QXcp_4S%2Fimage.png?alt=media\&token=cf7920b2-1c91-42e1-a494-2cea5b50c8aa)

Let's run the exploit.

![](https://1569822153-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-Ma_-L-NUkJ1mxbddZG2%2F-Mdi6pl3IJz0mhHLTVxJ%2F-MdijH-c4bPWLtJFTiD5%2Fimage.png?alt=media\&token=5f450bf9-4338-4e37-90e8-1478007f10f9)

![](https://1569822153-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-Ma_-L-NUkJ1mxbddZG2%2F-Mdi6pl3IJz0mhHLTVxJ%2F-Mdijg8sYV6a9TZnst8o%2Fimage.png?alt=media\&token=9608c479-d204-492a-b344-86b368b17e7d)

![](https://1569822153-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-Ma_-L-NUkJ1mxbddZG2%2F-Mdi6pl3IJz0mhHLTVxJ%2F-MdijkrO7G1XR742KmfT%2Fimage.png?alt=media\&token=7431805f-f03b-4ac5-af5d-aa7299ed8450)

![](https://1569822153-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-Ma_-L-NUkJ1mxbddZG2%2F-Mdi6pl3IJz0mhHLTVxJ%2F-MdijppopH2ZmMy8k6d5%2Fimage.png?alt=media\&token=e6416c77-88f3-41e7-b050-b7a5d4eabbb0)

## Hashing

### Salting and Formatting

![](https://1569822153-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-Ma_-L-NUkJ1mxbddZG2%2F-Mdi6pl3IJz0mhHLTVxJ%2F-Mdik11hyoBneniUOKvo%2Fimage.png?alt=media\&token=bf730823-0f54-4a58-ba6f-98c24f0321f6)

### Hashcat

![](https://1569822153-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-Ma_-L-NUkJ1mxbddZG2%2F-Mdi6pl3IJz0mhHLTVxJ%2F-MdikgN7zj74ZMbHnl9X%2Fimage.png?alt=media\&token=36dcb7bf-1403-4d79-a36f-5f501d0e144a)

Let's crack the first hash.

![](https://1569822153-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-Ma_-L-NUkJ1mxbddZG2%2F-Mdi6pl3IJz0mhHLTVxJ%2F-Mdikr-KtgcsaIwPmv3c%2Fimage.png?alt=media\&token=1fe39b62-ddc2-436f-8421-b4c86081a599)

Let's crack the second hash.

![](https://1569822153-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-Ma_-L-NUkJ1mxbddZG2%2F-Mdi6pl3IJz0mhHLTVxJ%2F-MdilAnMkKTuEndEeLf0%2Fimage.png?alt=media\&token=094db134-0161-44bf-851c-7f8e028d50f5)

### John The Ripper

![](https://1569822153-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-Ma_-L-NUkJ1mxbddZG2%2F-Mdi6pl3IJz0mhHLTVxJ%2F-MdilTQno2zr7PNlJ647%2Fimage.png?alt=media\&token=e0c0a1d1-6ada-4140-a79b-e02c4d38a5d9)

Let's crack the first hash.

![](https://1569822153-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-Ma_-L-NUkJ1mxbddZG2%2F-Mdi6pl3IJz0mhHLTVxJ%2F-MdimPKVLycccTtnL08f%2Fimage.png?alt=media\&token=6829f29d-2301-418b-a1d4-56de11586350)

Let's crack the second hash.

![](https://1569822153-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-Ma_-L-NUkJ1mxbddZG2%2F-Mdi6pl3IJz0mhHLTVxJ%2F-Mdin9itYgHm2bOEI10D%2Fimage.png?alt=media\&token=6c0ad2a4-35dd-4843-9fe2-f8a4979c7fc8)

## SQL Injection

### Sqlmap

![](https://1569822153-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-Ma_-L-NUkJ1mxbddZG2%2F-Mdi6pl3IJz0mhHLTVxJ%2F-Mdio9Go7_eiUGexKrkF%2Fimage.png?alt=media\&token=f48f44a6-79c9-4a85-a5b0-00fd51308301)

![](https://1569822153-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-Ma_-L-NUkJ1mxbddZG2%2F-Mdi6pl3IJz0mhHLTVxJ%2F-MdioCgB9LwvZxzGnHnw%2Fimage.png?alt=media\&token=603640d4-8b20-4828-8e8c-04714fbe34d5)

## Samba

### Smbmap

![](https://1569822153-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-Ma_-L-NUkJ1mxbddZG2%2F-Mdi6pl3IJz0mhHLTVxJ%2F-MdirJrwt8TM3mLPsgq7%2Fimage.png?alt=media\&token=2aa3612f-2d09-4b3c-b2e2-3ba3f8231b15)

### Smbclient

![](https://1569822153-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-Ma_-L-NUkJ1mxbddZG2%2F-Mdi6pl3IJz0mhHLTVxJ%2F-Mdirc3evINzzaNtAzgt%2Fimage.png?alt=media\&token=743a22cd-066b-4780-8aad-7b6dbc55ba1a)

## Final Exam

### Scanning

Let's run some nmap scans to find open ports and services.

![](https://1569822153-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-Ma_-L-NUkJ1mxbddZG2%2F-MdirhsXIYpsj_fg6Pkk%2F-MdiskRmA54unPObIrNJ%2Fimage.png?alt=media\&token=d95b50da-bb61-4cc7-a4b5-cf3f6fb4b44d)

### Enumeration

Let's visit the website.

![](https://1569822153-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-Ma_-L-NUkJ1mxbddZG2%2F-MdirhsXIYpsj_fg6Pkk%2F-Mdit0j8l0Ffyt0PYpvj%2Fimage.png?alt=media\&token=1fdf768e-9735-462a-a51d-e977d111a31d)

It's a default Apache page, so let's run a gobuster scan to find open directories.

![](https://1569822153-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-Ma_-L-NUkJ1mxbddZG2%2F-MdirhsXIYpsj_fg6Pkk%2F-MdiuIRLxbdkin5F-nj-%2Fimage.png?alt=media\&token=d5ce8773-dd03-43a1-a60d-21bde54d91c6)

Let's visit this directory.

![](https://1569822153-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-Ma_-L-NUkJ1mxbddZG2%2F-MdirhsXIYpsj_fg6Pkk%2F-MdiuNUpa043zxRcVouj%2Fimage.png?alt=media\&token=008a527b-05b3-420a-9675-1a1c93379075)

There is nothing there.

Let's look for files within this directory.

![](https://1569822153-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-Ma_-L-NUkJ1mxbddZG2%2F-Mdj-fnzY4wB_dqv7suJ%2F-Mdj-lohG877YojlTzbG%2Fimage.png?alt=media\&token=70a85c6b-c43b-40ee-89db-97501e0999dc)

We find a file called secret.txt. Let's look at it.

![](https://1569822153-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-Ma_-L-NUkJ1mxbddZG2%2F-MdiuyoliQf4YSVRo3Es%2F-Mdiwcz7icu_LDTVQoOI%2Fimage.png?alt=media\&token=38b9d1dc-b580-4dfb-9ccc-986092888e92)

We have a username and a hash. Let's crack it using John the Ripper.

### Exploitation

![](https://1569822153-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-Ma_-L-NUkJ1mxbddZG2%2F-MdiuyoliQf4YSVRo3Es%2F-MdiwoVc6G_SYVOIMo7g%2Fimage.png?alt=media\&token=19f06c7f-7009-47c6-b775-322871da8a59)

Let's log in through SSH and read the user flag.

![](https://1569822153-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-Ma_-L-NUkJ1mxbddZG2%2F-MdiuyoliQf4YSVRo3Es%2F-Mdix-Y4Npsfs-QUqY6o%2Fimage.png?alt=media\&token=da5d52f9-8337-4f84-89e5-3303bd9033dd)

### Privilege Escalation

Let's run `sudo -l` to see what we can run as other users.

![](https://1569822153-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-Ma_-L-NUkJ1mxbddZG2%2F-MdiuyoliQf4YSVRo3Es%2F-MdixDAhuhYLHX0DsCCd%2Fimage.png?alt=media\&token=44021ba9-0dd4-47d8-9834-88ae34e28d6c)

OK, so we can run "su" as root. Let's do it.

![](https://1569822153-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-Ma_-L-NUkJ1mxbddZG2%2F-MdiuyoliQf4YSVRo3Es%2F-MdixJ6SohtDUmr-LEH7%2Fimage.png?alt=media\&token=023424b1-3cc0-4127-8d91-1da655663dfd)

We are now root, so we can read the root flag.

![](https://1569822153-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-Ma_-L-NUkJ1mxbddZG2%2F-MdiuyoliQf4YSVRo3Es%2F-MdixRDDlLnXFbXWhF37%2Fimage.png?alt=media\&token=eab93d5a-946b-4100-973c-d6a1e4680ffe)
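
A defensive counterpart to the `sudo -l` step above, added here as an example and not part of the original walkthrough: it parses `sudo -l` output and flags grants like the `su` entry found in this room. The sample output, the user `alice`, the host `lab-host` and the short, non-exhaustive `SHELL_EQUIVALENT` set are constructed assumptions.

```python
import re
from pathlib import PurePosixPath

# Assumption: a deliberately short, non-exhaustive set of binaries that hand
# the caller an interactive shell as the target user.
SHELL_EQUIVALENT = {"su", "sh", "bash", "dash", "zsh"}

# Constructed sample of `sudo -l` output (not taken from the room).
SAMPLE = """\
Matching Defaults entries for alice on lab-host:
    env_reset, mail_badpass

User alice may run the following commands on lab-host:
    (root) NOPASSWD: /bin/su
    (root) /usr/sbin/nginx -t, /usr/sbin/nginx -s reload
"""

ENTRY = re.compile(r"^\s+\((?P<runas>[^)]*)\)\s*(?P<rest>.+)$")
TAG = re.compile(r"^(?P<tag>[A-Z_]+):\s*")

def parse_sudo_list(text):
    """Yield (runas, tags, command) for every command granted in the listing."""
    for line in text.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue  # header, Defaults line or blank line
        rest, tags = m.group("rest"), []
        while (t := TAG.match(rest)):  # strip leading tags such as NOPASSWD:
            tags.append(t.group("tag"))
            rest = rest[t.end():]
        # Commands are comma separated; split only where a new command starts.
        for cmd in re.split(r",\s*(?=/|ALL\b)", rest):
            yield m.group("runas").strip(), tags, cmd.strip()

def risky_entries(text):
    """Return (runas, command, reason) for grants equivalent to a full shell."""
    findings = []
    for runas, tags, cmd in parse_sudo_list(text):
        binary = cmd.split()[0]
        if binary == "ALL":
            reason = "unrestricted command set"
        elif PurePosixPath(binary).name in SHELL_EQUIVALENT:
            reason = "grants an interactive shell as the target user"
        else:
            continue
        if "NOPASSWD" in tags:
            reason += ", no password required"
        findings.append((runas, cmd, reason))
    return findings

if __name__ == "__main__":
    for finding in risky_entries(SAMPLE):
        print(finding)
```

Any finding means the account is effectively root; the fix is to replace the grant in sudoers with the specific, argument-pinned commands the user actually needs.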
