Jarvis — HackTheBox Writeup

This is a writeup for the Jarvis machine.

Enumeration:

1. NMAP SCAN: CHECK SERVICES

Akuma@kali:~$ nmap -T4 -A -O -v -p - 10.10.10.143
PORT      STATE SERVICE VERSION
22/tcp open ssh OpenSSH 7.4p1 Debian 10+deb9u6 (protocol 2.0)
| ssh-hostkey:
| 2048 03:f3:4e:22:36:3e:3b:81:30:79:ed:49:67:65:16:67 (RSA)
| 256 25:d8:08:a8:4d:6d:e8:d2:f8:43:4a:2c:20:c8:5a:f6 (ECDSA)
|_ 256 77:d4:ae:1f:b0:be:15:1f:f8:cd:c8:15:3a:c3:69:e1 (ED25519)
80/tcp open http Apache httpd 2.4.25 ((Debian))
| http-cookie-flags:
| /:
| PHPSESSID:
|_ httponly flag not set
| http-methods:
|_Supported Methods: GET HEAD POST OPTIONS
|_http-server-header: Apache/2.4.25 (Debian)
|_http-title: Stark Hotel
64999/tcp open http Apache httpd 2.4.25 ((Debian))
| http-methods:
|_ Supported Methods: GET HEAD POST OPTIONS
|_http-server-header: Apache/2.4.25 (Debian)
|_http-title: Site doesn't have a title (text/html).

2. DIRBUSTER: FIND ENTRY POINTS WITHIN THE WEB APPLICATION

Akuma@kali:~$ dirb http://10.10.10.143/
-----------------
[...]
URL_BASE: http://10.10.10.143/
[...]
---- Scanning URL: http://10.10.10.143/ ----
==> DIRECTORY: http://10.10.10.143/css/
==> DIRECTORY: http://10.10.10.143/fonts/
==> DIRECTORY: http://10.10.10.143/images/
+ http://10.10.10.143/index.php (CODE:200|SIZE:23628)
==> DIRECTORY: http://10.10.10.143/js/
==> DIRECTORY: http://10.10.10.143/phpmyadmin/
+ http://10.10.10.143/server-status (CODE:403|SIZE:300)
[...]
---- Entering directory: http://10.10.10.143/phpmyadmin/ ----
+ http://10.10.10.143/phpmyadmin/ChangeLog (CODE:200|SIZE:19186)
==> DIRECTORY: http://10.10.10.143/phpmyadmin/doc/
==> DIRECTORY: http://10.10.10.143/phpmyadmin/examples/
+ http://10.10.10.143/phpmyadmin/favicon.ico (CODE:200|SIZE:22486)
+ http://10.10.10.143/phpmyadmin/index.php (CODE:200|SIZE:15211)
==> DIRECTORY: http://10.10.10.143/phpmyadmin/js/
==> DIRECTORY: http://10.10.10.143/phpmyadmin/libraries/
+ http://10.10.10.143/phpmyadmin/LICENSE (CODE:200|SIZE:18092)
==> DIRECTORY: http://10.10.10.143/phpmyadmin/locale/
+ http://10.10.10.143/phpmyadmin/phpinfo.php (CODE:200|SIZE:15228)
+ http://10.10.10.143/phpmyadmin/README (CODE:200|SIZE:1520)
+ http://10.10.10.143/phpmyadmin/robots.txt (CODE:200|SIZE:26)
==> DIRECTORY: http://10.10.10.143/phpmyadmin/setup/
==> DIRECTORY: http://10.10.10.143/phpmyadmin/sql/
==> DIRECTORY: http://10.10.10.143/phpmyadmin/templates/
==> DIRECTORY: http://10.10.10.143/phpmyadmin/themes/
==> DIRECTORY: http://10.10.10.143/phpmyadmin/tmp/
==> DIRECTORY: http://10.10.10.143/phpmyadmin/vendor/

3. SQLMAP

password hash and the clear-text
Exploiting the SUID

Mr Akuma | cyber security enthusiast | Security Noob

Akshay Jain
