Difference between revisions of "CTF RED 1: Walkthrough"

From OnnoWiki

Revision as of 10:30, 10 February 2023

Source: https://readysetexploit.gitlab.io/home/vulnhub/red/


On Kali Linux, check the Kali machine's IP address:

hostname -I
192.168.0.156 fddc:e149:a774::5b6 fddc:e149:a774:0:f944:23ee:7982:825

Find the IP address of Red:

netdiscover -r 192.168.0.0/24
Currently scanning: Finished!   |   Screen View: Unique Hosts
19 Captured ARP Req/Rep packets, from 19 hosts.   Total size: 1140
_____________________________________________________________________________
  IP            At MAC Address     Count     Len  MAC Vendor / Hostname
-----------------------------------------------------------------------------
.....
192.168.0.155   08:00:27:89:06:41      1      60  PCS Systemtechnik GmbH
.....

The MAC address 08:00:* (PCS Systemtechnik) appears to be a VirtualBox MAC, so we now have Red's IP address.

Port scan the target.

sudo nmap -v --min-rate 10000 192.168.0.155 | grep open
Discovered open port 22/tcp on 192.168.0.155
Discovered open port 80/tcp on 192.168.0.155
22/tcp open  ssh
80/tcp open  http


Run a full port scan:

nmap -v -sV -sC -oN nmap 192.168.0.155 -p-


Starting Nmap 7.93 ( https://nmap.org ) at 2023-02-09 22:28 EST
NSE: Loaded 155 scripts for scanning.
NSE: Script Pre-scanning.
Initiating NSE at 22:28
Completed NSE at 22:28, 0.00s elapsed
Initiating NSE at 22:28
Completed NSE at 22:28, 0.00s elapsed
Initiating NSE at 22:28
Completed NSE at 22:28, 0.00s elapsed
Initiating ARP Ping Scan at 22:28
Scanning 192.168.0.155 [1 port]
Completed ARP Ping Scan at 22:28, 0.02s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 22:28
Completed Parallel DNS resolution of 1 host. at 22:28, 0.01s elapsed
Initiating SYN Stealth Scan at 22:28
Scanning 192.168.0.155 [65535 ports]
Discovered open port 22/tcp on 192.168.0.155
Discovered open port 80/tcp on 192.168.0.155
Completed SYN Stealth Scan at 22:28, 2.68s elapsed (65535 total ports)
Initiating Service scan at 22:28
Scanning 2 services on 192.168.0.155
Completed Service scan at 22:28, 13.24s elapsed (2 services on 1 host)
NSE: Script scanning 192.168.0.155.
Initiating NSE at 22:28
Completed NSE at 22:28, 1.02s elapsed
Initiating NSE at 22:28
Completed NSE at 22:28, 0.07s elapsed
Initiating NSE at 22:28
Completed NSE at 22:28, 0.00s elapsed
Nmap scan report for 192.168.0.155
Host is up (0.000096s latency).
Not shown: 65533 closed tcp ports (reset)
PORT   STATE SERVICE VERSION
22/tcp open  ssh     OpenSSH 8.2p1 Ubuntu 4ubuntu0.3 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey: 
|   3072 8d5365835252c4127249be335dd1e71c (RSA)
|   256 06610a49864364cab00c0f09177b33ba (ECDSA)
|_  256 9b8d90472ac1dc11287d57e08a23b469 (ED25519)
80/tcp open  http    Apache httpd 2.4.41 ((Ubuntu))
|_http-title: Hacked By Red – Your site has been Hacked! You\xE2\x80\x99ll neve...
| http-robots.txt: 1 disallowed entry 
|_/wp-admin/
|_http-generator: WordPress 5.8.1
| http-methods: 
|_  Supported Methods: GET HEAD POST OPTIONS
|_http-server-header: Apache/2.4.41 (Ubuntu)
MAC Address: 08:00:27:89:06:41 (Oracle VirtualBox virtual NIC)
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel 

NSE: Script Post-scanning.
Initiating NSE at 22:28
Completed NSE at 22:28, 0.00s elapsed
Initiating NSE at 22:28
Completed NSE at 22:28, 0.00s elapsed
Initiating NSE at 22:28
Completed NSE at 22:28, 0.00s elapsed
Read data files from: /usr/bin/../share/nmap
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 18.17 seconds
           Raw packets sent: 65536 (2.884MB) | Rcvd: 65536 (2.621MB) 
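
An added example, not part of the original walkthrough: a small Python parser for the `-oN nmap` report above that lists every product/version string the host hands to an unauthenticated scanner, which is the view a defender uses to decide what to stop advertising. The sample text is a constructed excerpt of the output shown above, and the function names are hypothetical.

```python
import re

# Constructed excerpt of the `-oN nmap` report above (host-key lines omitted).
SAMPLE_REPORT = """\
22/tcp open  ssh     OpenSSH 8.2p1 Ubuntu 4ubuntu0.3 (Ubuntu Linux; protocol 2.0)
80/tcp open  http    Apache httpd 2.4.41 ((Ubuntu))
| http-robots.txt: 1 disallowed entry
|_/wp-admin/
|_http-generator: WordPress 5.8.1
| http-methods:
|_  Supported Methods: GET HEAD POST OPTIONS
|_http-server-header: Apache/2.4.41 (Ubuntu)
MAC Address: 08:00:27:89:06:41 (Oracle VirtualBox virtual NIC)
"""

PORT_RE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)\s*(.*)$")
# An NSE result starts with "| id:" or "|_id:"; other "|" lines continue it.
SCRIPT_RE = re.compile(r"^\|[_ ]([a-z][\w.-]*):\s*(.*)$")

def parse_report(text):
    """Return one dict per port line, with its NSE script output attached."""
    ports, current, script = [], None, None
    for line in text.splitlines():
        m, s = PORT_RE.match(line), SCRIPT_RE.match(line)
        if m:
            current = {"port": int(m[1]), "proto": m[2], "state": m[3],
                       "service": m[4], "version": m[5].strip(), "scripts": {}}
            ports.append(current)
            script = None
        elif not line.startswith("|"):
            current = script = None   # host-level or unrelated line ends the port block
        elif current and s:
            script = s[1]
            current["scripts"][script] = [s[2].strip()] if s[2].strip() else []
        elif current and script:
            current["scripts"][script].append(line.lstrip("|_ ").strip())
    return ports

def version_disclosures(ports):
    """(port, source, value) for each product/version string the host reveals."""
    found = []
    for p in (p for p in ports if p["state"] == "open"):
        fields = [("service banner", p["version"])]
        for sid in ("http-generator", "http-server-header"):
            fields += [(sid, v) for v in p["scripts"].get(sid, [])]
        found += [(p["port"], k, v) for k, v in fields if re.search(r"\d+\.\d+", v)]
    return found

if __name__ == "__main__":
    print(*version_disclosures(parse_report(SAMPLE_REPORT)), sep="\n")
```

On the sample this reports four disclosures: the SSH and Apache service banners, the WordPress generator tag, and the HTTP `Server` header.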



References