CTF RED 1: Walkthrough
Revision as of 10:30, 10 February 2023 by Onnowpurbo (talk | contribs)
Sumber: https://readysetexploit.gitlab.io/home/vulnhub/red/
Di kali linux.
Cek IP address Kali Linux
hostname -I
192.168.0.156 fddc:e149:a774::5b6 fddc:e149:a774:0:f944:23ee:7982:825
Cari IP address Red
netdiscover -r 192.168.0.0/24
Currently scanning: Finished! | Screen View: Unique Hosts 19 Captured ARP Req/Rep packets, from 19 hosts. Total size: 1140 _____________________________________________________________________________ IP At MAC Address Count Len MAC Vendor / Hostname ----------------------------------------------------------------------------- ..... 192.168.0.155 08:00:27:89:06:41 1 60 PCS Systemtechnik GmbH .....
Mac address 08:00:* PCS systemtechnik tampaknya adalah MAC dari VirtualBox. Maka IP address Red kita dapatkan.
Port Scan Target.
sudo nmap -v --min-rate 10000 192.168.0.155 | grep open
Discovered open port 22/tcp on 192.168.0.155 Discovered open port 80/tcp on 192.168.0.155 22/tcp open ssh 80/tcp open http
Lakukan full port scan
nmap -v -sV -sC -oN nmap 192.168.0.155 -p-
Starting Nmap 7.93 ( https://nmap.org ) at 2023-02-09 22:28 EST NSE: Loaded 155 scripts for scanning. NSE: Script Pre-scanning. Initiating NSE at 22:28 Completed NSE at 22:28, 0.00s elapsed Initiating NSE at 22:28 Completed NSE at 22:28, 0.00s elapsed Initiating NSE at 22:28 Completed NSE at 22:28, 0.00s elapsed Initiating ARP Ping Scan at 22:28 Scanning 192.168.0.155 [1 port] Completed ARP Ping Scan at 22:28, 0.02s elapsed (1 total hosts) Initiating Parallel DNS resolution of 1 host. at 22:28 Completed Parallel DNS resolution of 1 host. at 22:28, 0.01s elapsed Initiating SYN Stealth Scan at 22:28 Scanning 192.168.0.155 [65535 ports] Discovered open port 22/tcp on 192.168.0.155 Discovered open port 80/tcp on 192.168.0.155 Completed SYN Stealth Scan at 22:28, 2.68s elapsed (65535 total ports) Initiating Service scan at 22:28 Scanning 2 services on 192.168.0.155 Completed Service scan at 22:28, 13.24s elapsed (2 services on 1 host) NSE: Script scanning 192.168.0.155. Initiating NSE at 22:28 Completed NSE at 22:28, 1.02s elapsed Initiating NSE at 22:28 Completed NSE at 22:28, 0.07s elapsed Initiating NSE at 22:28 Completed NSE at 22:28, 0.00s elapsed Nmap scan report for 192.168.0.155 Host is up (0.000096s latency). Not shown: 65533 closed tcp ports (reset) PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 8.2p1 Ubuntu 4ubuntu0.3 (Ubuntu Linux; protocol 2.0) | ssh-hostkey: | 3072 8d5365835252c4127249be335dd1e71c (RSA) | 256 06610a49864364cab00c0f09177b33ba (ECDSA) |_ 256 9b8d90472ac1dc11287d57e08a23b469 (ED25519) 80/tcp open http Apache httpd 2.4.41 ((Ubuntu)) |_http-title: Hacked By Red – Your site has been Hacked! You\xE2\x80\x99ll neve... | http-robots.txt: 1 disallowed entry |_/wp-admin/ |_http-generator: WordPress 5.8.1 | http-methods: |_ Supported Methods: GET HEAD POST OPTIONS |_http-server-header: Apache/2.4.41 (Ubuntu) MAC Address: 08:00:27:89:06:41 (Oracle VirtualBox virtual NIC) Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel NSE: Script Post-scanning. Initiating NSE at 22:28 Completed NSE at 22:28, 0.00s elapsed Initiating NSE at 22:28 Completed NSE at 22:28, 0.00s elapsed Initiating NSE at 22:28 Completed NSE at 22:28, 0.00s elapsed Read data files from: /usr/bin/../share/nmap Service detection performed. Please report any incorrect results at https://nmap.org/submit/ . Nmap done: 1 IP address (1 host up) scanned in 18.17 seconds Raw packets sent: 65536 (2.884MB) | Rcvd: 65536 (2.621MB)