CTF RED 1: Walkthrough
Revision as of 10:43, 10 February 2023 by Onnowpurbo (talk | contribs)
Sumber: https://readysetexploit.gitlab.io/home/vulnhub/red/
Di kali linux.
Cek IP address Kali Linux
hostname -I
192.168.0.156 fddc:e149:a774::5b6 fddc:e149:a774:0:f944:23ee:7982:825
Cari IP address Red
netdiscover -r 192.168.0.0/24
Currently scanning: Finished! | Screen View: Unique Hosts 19 Captured ARP Req/Rep packets, from 19 hosts. Total size: 1140 _____________________________________________________________________________ IP At MAC Address Count Len MAC Vendor / Hostname ----------------------------------------------------------------------------- ..... 192.168.0.155 08:00:27:89:06:41 1 60 PCS Systemtechnik GmbH .....
Mac address 08:00:* PCS systemtechnik tampaknya adalah MAC dari VirtualBox. Maka IP address Red kita dapatkan.
Port Scan Target.
sudo nmap -v --min-rate 10000 192.168.0.155 | grep open
Discovered open port 22/tcp on 192.168.0.155 Discovered open port 80/tcp on 192.168.0.155 22/tcp open ssh 80/tcp open http
Lakukan full port scan
nmap -v -sV -sC -oN nmap 192.168.0.155 -p-
Starting Nmap 7.93 ( https://nmap.org ) at 2023-02-09 22:28 EST NSE: Loaded 155 scripts for scanning. NSE: Script Pre-scanning. Initiating NSE at 22:28 Completed NSE at 22:28, 0.00s elapsed Initiating NSE at 22:28 Completed NSE at 22:28, 0.00s elapsed Initiating NSE at 22:28 Completed NSE at 22:28, 0.00s elapsed Initiating ARP Ping Scan at 22:28 Scanning 192.168.0.155 [1 port] Completed ARP Ping Scan at 22:28, 0.02s elapsed (1 total hosts) Initiating Parallel DNS resolution of 1 host. at 22:28 Completed Parallel DNS resolution of 1 host. at 22:28, 0.01s elapsed Initiating SYN Stealth Scan at 22:28 Scanning 192.168.0.155 [65535 ports] Discovered open port 22/tcp on 192.168.0.155 Discovered open port 80/tcp on 192.168.0.155 Completed SYN Stealth Scan at 22:28, 2.68s elapsed (65535 total ports) Initiating Service scan at 22:28 Scanning 2 services on 192.168.0.155 Completed Service scan at 22:28, 13.24s elapsed (2 services on 1 host) NSE: Script scanning 192.168.0.155. Initiating NSE at 22:28 Completed NSE at 22:28, 1.02s elapsed Initiating NSE at 22:28 Completed NSE at 22:28, 0.07s elapsed Initiating NSE at 22:28 Completed NSE at 22:28, 0.00s elapsed Nmap scan report for 192.168.0.155 Host is up (0.000096s latency). Not shown: 65533 closed tcp ports (reset) PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 8.2p1 Ubuntu 4ubuntu0.3 (Ubuntu Linux; protocol 2.0) | ssh-hostkey: | 3072 8d5365835252c4127249be335dd1e71c (RSA) | 256 06610a49864364cab00c0f09177b33ba (ECDSA) |_ 256 9b8d90472ac1dc11287d57e08a23b469 (ED25519) 80/tcp open http Apache httpd 2.4.41 ((Ubuntu)) |_http-title: Hacked By Red – Your site has been Hacked! You\xE2\x80\x99ll neve... | http-robots.txt: 1 disallowed entry |_/wp-admin/ |_http-generator: WordPress 5.8.1 | http-methods: |_ Supported Methods: GET HEAD POST OPTIONS |_http-server-header: Apache/2.4.41 (Ubuntu) MAC Address: 08:00:27:89:06:41 (Oracle VirtualBox virtual NIC) Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel NSE: Script Post-scanning. Initiating NSE at 22:28 Completed NSE at 22:28, 0.00s elapsed Initiating NSE at 22:28 Completed NSE at 22:28, 0.00s elapsed Initiating NSE at 22:28 Completed NSE at 22:28, 0.00s elapsed Read data files from: /usr/bin/../share/nmap Service detection performed. Please report any incorrect results at https://nmap.org/submit/ . Nmap done: 1 IP address (1 host up) scanned in 18.17 seconds Raw packets sent: 65536 (2.884MB) | Rcvd: 65536 (2.621MB)
Hasilnya, target mempunya dua port yang terbuka,
Port 22 running OpenSSH Port 80 running Apache HTTP
Kita tidak bisa berbuat banyak untuk SSH, oleh karena itu mari kita jajal web.
Coba akses Web
http://192.168.0.155/
Tampaknya wordpress, tapi dengan kondisi di hack.