Difference between revisions of "CTF RED 1: Walkthrough"
Jump to navigation
Jump to search
Onnowpurbo (talk | contribs) |
Onnowpurbo (talk | contribs) |
||
Line 24: | Line 24: | ||
Mac address 08:00:* PCS systemtechnik tampaknya adalah MAC dari VirtualBox. Maka IP address Red kita dapatkan. | Mac address 08:00:* PCS systemtechnik tampaknya adalah MAC dari VirtualBox. Maka IP address Red kita dapatkan. | ||
+ | Port Scan Target. | ||
+ | |||
+ | sudo nmap -v --min-rate 10000 192.168.0.155 | grep open | ||
+ | |||
+ | Discovered open port 22/tcp on 192.168.0.155 | ||
+ | Discovered open port 80/tcp on 192.168.0.155 | ||
+ | 22/tcp open ssh | ||
+ | 80/tcp open http | ||
+ | |||
+ | |||
+ | Lakukan full port scan | ||
+ | |||
+ | nmap -v -sV -sC -oN nmap 192.168.0.155 -p- | ||
+ | |||
+ | |||
+ | Starting Nmap 7.93 ( https://nmap.org ) at 2023-02-09 22:28 EST | ||
+ | NSE: Loaded 155 scripts for scanning. | ||
+ | NSE: Script Pre-scanning. | ||
+ | Initiating NSE at 22:28 | ||
+ | Completed NSE at 22:28, 0.00s elapsed | ||
+ | Initiating NSE at 22:28 | ||
+ | Completed NSE at 22:28, 0.00s elapsed | ||
+ | Initiating NSE at 22:28 | ||
+ | Completed NSE at 22:28, 0.00s elapsed | ||
+ | Initiating ARP Ping Scan at 22:28 | ||
+ | Scanning 192.168.0.155 [1 port] | ||
+ | Completed ARP Ping Scan at 22:28, 0.02s elapsed (1 total hosts) | ||
+ | Initiating Parallel DNS resolution of 1 host. at 22:28 | ||
+ | Completed Parallel DNS resolution of 1 host. at 22:28, 0.01s elapsed | ||
+ | Initiating SYN Stealth Scan at 22:28 | ||
+ | Scanning 192.168.0.155 [65535 ports] | ||
+ | Discovered open port 22/tcp on 192.168.0.155 | ||
+ | Discovered open port 80/tcp on 192.168.0.155 | ||
+ | Completed SYN Stealth Scan at 22:28, 2.68s elapsed (65535 total ports) | ||
+ | Initiating Service scan at 22:28 | ||
+ | Scanning 2 services on 192.168.0.155 | ||
+ | Completed Service scan at 22:28, 13.24s elapsed (2 services on 1 host) | ||
+ | NSE: Script scanning 192.168.0.155. | ||
+ | Initiating NSE at 22:28 | ||
+ | Completed NSE at 22:28, 1.02s elapsed | ||
+ | Initiating NSE at 22:28 | ||
+ | Completed NSE at 22:28, 0.07s elapsed | ||
+ | Initiating NSE at 22:28 | ||
+ | Completed NSE at 22:28, 0.00s elapsed | ||
+ | Nmap scan report for 192.168.0.155 | ||
+ | Host is up (0.000096s latency). | ||
+ | Not shown: 65533 closed tcp ports (reset) | ||
+ | PORT STATE SERVICE VERSION | ||
+ | 22/tcp open ssh OpenSSH 8.2p1 Ubuntu 4ubuntu0.3 (Ubuntu Linux; protocol 2.0) | ||
+ | | ssh-hostkey: | ||
+ | | 3072 8d5365835252c4127249be335dd1e71c (RSA) | ||
+ | | 256 06610a49864364cab00c0f09177b33ba (ECDSA) | ||
+ | |_ 256 9b8d90472ac1dc11287d57e08a23b469 (ED25519) | ||
+ | 80/tcp open http Apache httpd 2.4.41 ((Ubuntu)) | ||
+ | |_http-title: Hacked By Red – Your site has been Hacked! You\xE2\x80\x99ll neve... | ||
+ | | http-robots.txt: 1 disallowed entry | ||
+ | |_/wp-admin/ | ||
+ | |_http-generator: WordPress 5.8.1 | ||
+ | | http-methods: | ||
+ | |_ Supported Methods: GET HEAD POST OPTIONS | ||
+ | |_http-server-header: Apache/2.4.41 (Ubuntu) | ||
+ | MAC Address: 08:00:27:89:06:41 (Oracle VirtualBox virtual NIC) | ||
+ | Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel | ||
+ | |||
+ | NSE: Script Post-scanning. | ||
+ | Initiating NSE at 22:28 | ||
+ | Completed NSE at 22:28, 0.00s elapsed | ||
+ | Initiating NSE at 22:28 | ||
+ | Completed NSE at 22:28, 0.00s elapsed | ||
+ | Initiating NSE at 22:28 | ||
+ | Completed NSE at 22:28, 0.00s elapsed | ||
+ | Read data files from: /usr/bin/../share/nmap | ||
+ | Service detection performed. Please report any incorrect results at https://nmap.org/submit/ . | ||
+ | Nmap done: 1 IP address (1 host up) scanned in 18.17 seconds | ||
+ | Raw packets sent: 65536 (2.884MB) | Rcvd: 65536 (2.621MB) | ||
Revision as of 10:30, 10 February 2023
Sumber: https://readysetexploit.gitlab.io/home/vulnhub/red/
Di kali linux.
Cek IP address Kali Linux
hostname -I
192.168.0.156 fddc:e149:a774::5b6 fddc:e149:a774:0:f944:23ee:7982:825
Cari IP address Red
netdiscover -r 192.168.0.0/24
Currently scanning: Finished! | Screen View: Unique Hosts 19 Captured ARP Req/Rep packets, from 19 hosts. Total size: 1140 _____________________________________________________________________________ IP At MAC Address Count Len MAC Vendor / Hostname ----------------------------------------------------------------------------- ..... 192.168.0.155 08:00:27:89:06:41 1 60 PCS Systemtechnik GmbH .....
Mac address 08:00:* PCS systemtechnik tampaknya adalah MAC dari VirtualBox. Maka IP address Red kita dapatkan.
Port Scan Target.
sudo nmap -v --min-rate 10000 192.168.0.155 | grep open
Discovered open port 22/tcp on 192.168.0.155 Discovered open port 80/tcp on 192.168.0.155 22/tcp open ssh 80/tcp open http
Lakukan full port scan
nmap -v -sV -sC -oN nmap 192.168.0.155 -p-
Starting Nmap 7.93 ( https://nmap.org ) at 2023-02-09 22:28 EST NSE: Loaded 155 scripts for scanning. NSE: Script Pre-scanning. Initiating NSE at 22:28 Completed NSE at 22:28, 0.00s elapsed Initiating NSE at 22:28 Completed NSE at 22:28, 0.00s elapsed Initiating NSE at 22:28 Completed NSE at 22:28, 0.00s elapsed Initiating ARP Ping Scan at 22:28 Scanning 192.168.0.155 [1 port] Completed ARP Ping Scan at 22:28, 0.02s elapsed (1 total hosts) Initiating Parallel DNS resolution of 1 host. at 22:28 Completed Parallel DNS resolution of 1 host. at 22:28, 0.01s elapsed Initiating SYN Stealth Scan at 22:28 Scanning 192.168.0.155 [65535 ports] Discovered open port 22/tcp on 192.168.0.155 Discovered open port 80/tcp on 192.168.0.155 Completed SYN Stealth Scan at 22:28, 2.68s elapsed (65535 total ports) Initiating Service scan at 22:28 Scanning 2 services on 192.168.0.155 Completed Service scan at 22:28, 13.24s elapsed (2 services on 1 host) NSE: Script scanning 192.168.0.155. Initiating NSE at 22:28 Completed NSE at 22:28, 1.02s elapsed Initiating NSE at 22:28 Completed NSE at 22:28, 0.07s elapsed Initiating NSE at 22:28 Completed NSE at 22:28, 0.00s elapsed Nmap scan report for 192.168.0.155 Host is up (0.000096s latency). Not shown: 65533 closed tcp ports (reset) PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 8.2p1 Ubuntu 4ubuntu0.3 (Ubuntu Linux; protocol 2.0) | ssh-hostkey: | 3072 8d5365835252c4127249be335dd1e71c (RSA) | 256 06610a49864364cab00c0f09177b33ba (ECDSA) |_ 256 9b8d90472ac1dc11287d57e08a23b469 (ED25519) 80/tcp open http Apache httpd 2.4.41 ((Ubuntu)) |_http-title: Hacked By Red – Your site has been Hacked! You\xE2\x80\x99ll neve... | http-robots.txt: 1 disallowed entry |_/wp-admin/ |_http-generator: WordPress 5.8.1 | http-methods: |_ Supported Methods: GET HEAD POST OPTIONS |_http-server-header: Apache/2.4.41 (Ubuntu) MAC Address: 08:00:27:89:06:41 (Oracle VirtualBox virtual NIC) Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel NSE: Script Post-scanning. Initiating NSE at 22:28 Completed NSE at 22:28, 0.00s elapsed Initiating NSE at 22:28 Completed NSE at 22:28, 0.00s elapsed Initiating NSE at 22:28 Completed NSE at 22:28, 0.00s elapsed Read data files from: /usr/bin/../share/nmap Service detection performed. Please report any incorrect results at https://nmap.org/submit/ . Nmap done: 1 IP address (1 host up) scanned in 18.17 seconds Raw packets sent: 65536 (2.884MB) | Rcvd: 65536 (2.621MB)