Posts

Showing posts from September, 2020

Escalate My Privilege Walkthrough

Introduction

Today we're doing a boot2root pentest walkthrough of the Escalate My Privilege machine, created by Akansha Sachin Verma and hosted at https://www.vulnhub.com/entry/escalate-my-privileges-1,448/. For this pentest, I will be using two virtual machines: a Kali Linux machine as the attacking system, and the Escalate My Privileges machine as the target system.

Locating The Target

This machine is configured so that the default login screen indicates the system's IP address on the network. Very nice! Our target system is at 10.0.2.30.

Scanning and Enumeration

We start our scans with nmap to determine which TCP ports are open on the target.

    nmap -T4 -p- 10.0.2.30

Five open ports. We'll plug these open ports into nmap again for a more detailed scan.

    nmap -T4 -A -p22,80,111,2049,20048 10.0.2.30

phpbash.php seems like a very likely target for a Local File Inclusion (LFI) vulnerability. We will definitely check it out in a bit. Next...

DC-5 Walkthrough

Introduction

Today we're doing a boot2root pentest walkthrough of the DC-5 machine, created by DCAU and hosted at https://www.vulnhub.com/entry/dc-5,314/. For this pentest, I will be using two virtual machines: a Kali Linux machine as the attacking system, and the DC-5 machine as the target system.

Locating The Target

Running netdiscover from our attacking machine, we can locate where the target machine is on our network.

    netdiscover -r 10.0.2.0/24

Our target system is at 10.0.2.29.

Scanning and Enumeration

We start our scans with nmap to determine which TCP ports are open on the target.

    nmap -T4 -p- 10.0.2.29 ; nmap -T4 -sU -F 10.0.2.29

Three open ports. We'll run these through nmap again to get more info.

    nmap -T4 -A -p80,111,54845 10.0.2.29

Finding a Way In

Not much here. The documentation for this machine stated that the way into the machine was located on a page that changed on refresh, so we'll take a look at the target's web server.

    http://10.0.2.29

Th...

LazySysAdmin Walkthrough

Introduction

Today we're doing a boot2root pentest walkthrough of the LazySysAdmin machine, created by Togie Mcdogie and hosted at https://www.vulnhub.com/entry/lazysysadmin-1,205/. For this pentest, I will be using two virtual machines: a Kali Linux machine as the attacking system, and the LazySysAdmin machine as the target system.

Locating The Target

Running netdiscover from our attacking machine, we can locate where the target machine is on our network.

    netdiscover -r 10.0.2.0/24

Our target system is at 10.0.2.28.

Scanning and Enumeration

We start our scans with nmap to determine which TCP ports are open on the target.

    nmap -T4 -p- 10.0.2.28

A nice array of open ports. Let's plug these into nmap again to get further info.

    nmap -T4 -A -p22,80,139,445,3306,6667 10.0.2.28

There are some interesting entries in the robots.txt file that we'll want to check out later. For now, we'll run a Nikto scan against the web server.

    nikto -h 10.0.2.28

Two im...