Difference between revisions of "CTF RED 1: Walkthrough"

From OnnoWiki
Jump to navigation Jump to search
Line 107: Line 107:
 
Kita tidak bisa berbuat banyak untuk SSH, oleh karena itu mari kita jajal web.
 
Kita tidak bisa berbuat banyak untuk SSH, oleh karena itu mari kita jajal web.
 
   
 
   
 +
Coba akses Web
 +
 +
http://192.168.0.155/
 +
 +
Tampaknya wordpress, tapi dengan kondisi di hack.
 +
 +
 +
 +
 +
  
  

Revision as of 10:43, 10 February 2023

Sumber: https://readysetexploit.gitlab.io/home/vulnhub/red/


Di kali linux. Cek IP address Kali Linux

hostname -I
192.168.0.156 fddc:e149:a774::5b6 fddc:e149:a774:0:f944:23ee:7982:825

Cari IP address Red

netdiscover -r 192.168.0.0/24
Currently scanning: Finished!   |   Screen View: Unique Hosts                                                                                                                                                                                                                                                       
19 Captured ARP Req/Rep packets, from 19 hosts.   Total size: 1140                                                                                        
_____________________________________________________________________________
  IP            At MAC Address     Count     Len  MAC Vendor / Hostname      
-----------------------------------------------------------------------------
.....                                                                            
192.168.0.155   08:00:27:89:06:41      1      60  PCS Systemtechnik GmbH                                                                                  
.....

Mac address 08:00:* PCS systemtechnik tampaknya adalah MAC dari VirtualBox. Maka IP address Red kita dapatkan.

Port Scan Target.

sudo nmap -v --min-rate 10000 192.168.0.155 | grep open
Discovered open port 22/tcp on 192.168.0.155
Discovered open port 80/tcp on 192.168.0.155
22/tcp open  ssh
80/tcp open  http


Lakukan full port scan

nmap -v -sV -sC -oN nmap 192.168.0.155 -p-


Starting Nmap 7.93 ( https://nmap.org ) at 2023-02-09 22:28 EST
NSE: Loaded 155 scripts for scanning.
NSE: Script Pre-scanning.
Initiating NSE at 22:28
Completed NSE at 22:28, 0.00s elapsed
Initiating NSE at 22:28
Completed NSE at 22:28, 0.00s elapsed
Initiating NSE at 22:28
Completed NSE at 22:28, 0.00s elapsed
Initiating ARP Ping Scan at 22:28
Scanning 192.168.0.155 [1 port]
Completed ARP Ping Scan at 22:28, 0.02s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 22:28
Completed Parallel DNS resolution of 1 host. at 22:28, 0.01s elapsed
Initiating SYN Stealth Scan at 22:28
Scanning 192.168.0.155 [65535 ports]
Discovered open port 22/tcp on 192.168.0.155
Discovered open port 80/tcp on 192.168.0.155
Completed SYN Stealth Scan at 22:28, 2.68s elapsed (65535 total ports)
Initiating Service scan at 22:28
Scanning 2 services on 192.168.0.155
Completed Service scan at 22:28, 13.24s elapsed (2 services on 1 host)
NSE: Script scanning 192.168.0.155.
Initiating NSE at 22:28
Completed NSE at 22:28, 1.02s elapsed
Initiating NSE at 22:28
Completed NSE at 22:28, 0.07s elapsed
Initiating NSE at 22:28
Completed NSE at 22:28, 0.00s elapsed
Nmap scan report for 192.168.0.155
Host is up (0.000096s latency).
Not shown: 65533 closed tcp ports (reset)
PORT   STATE SERVICE VERSION
22/tcp open  ssh     OpenSSH 8.2p1 Ubuntu 4ubuntu0.3 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey: 
|   3072 8d5365835252c4127249be335dd1e71c (RSA)
|   256 06610a49864364cab00c0f09177b33ba (ECDSA)
|_  256 9b8d90472ac1dc11287d57e08a23b469 (ED25519)
80/tcp open  http    Apache httpd 2.4.41 ((Ubuntu))
|_http-title: Hacked By Red – Your site has been Hacked! You\xE2\x80\x99ll neve...
| http-robots.txt: 1 disallowed entry 
|_/wp-admin/
|_http-generator: WordPress 5.8.1
| http-methods: 
|_  Supported Methods: GET HEAD POST OPTIONS
|_http-server-header: Apache/2.4.41 (Ubuntu)
MAC Address: 08:00:27:89:06:41 (Oracle VirtualBox virtual NIC)
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel 

NSE: Script Post-scanning.
Initiating NSE at 22:28
Completed NSE at 22:28, 0.00s elapsed
Initiating NSE at 22:28
Completed NSE at 22:28, 0.00s elapsed
Initiating NSE at 22:28
Completed NSE at 22:28, 0.00s elapsed
Read data files from: /usr/bin/../share/nmap
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 18.17 seconds
           Raw packets sent: 65536 (2.884MB) | Rcvd: 65536 (2.621MB) 

Hasilnya, target mempunya dua port yang terbuka,

   Port 22 running OpenSSH
   Port 80 running Apache HTTP

Kita tidak bisa berbuat banyak untuk SSH, oleh karena itu mari kita jajal web.

Coba akses Web

http://192.168.0.155/

Tampaknya wordpress, tapi dengan kondisi di hack.






Referensi