Difference between revisions of "Bob: 1.0.1 ~ Vulnhub - Walkthrough"

m (Methodology)
m (Methodology)
Line 21: Line 21:
 
MAC Address: 08:00:27:C0:CC:74 (Oracle VirtualBox virtual NIC)
 
MAC Address: 08:00:27:C0:CC:74 (Oracle VirtualBox virtual NIC)
 
Service Info: OSs: Unix, Linux; CPE: cpe:/o:linux:linux_kernel
 
Service Info: OSs: Unix, Linux; CPE: cpe:/o:linux:linux_kernel
 +
</syntaxhighlight>
 +
 +
=== Entry Point #1 - Port 80 (HTTP) ===
 +
==== Enumeration ====
 +
<syntaxhighlight  lang=shell-session highlight="" line>
 +
root@blaksec:~# nikto -h $TANGO
 +
- Nikto v2.1.6
 +
---------------------------------------------------------------------------
 +
+ Target IP:          192.168.56.101
 +
+ Target Hostname:    192.168.56.101
 +
+ Target Port:        80
 +
+ Start Time:        2018-05-24 18:19:38 (GMT-4)
 +
---------------------------------------------------------------------------
 +
+ Server: Apache/2.4.25 (Debian)
 +
+ Server leaks inodes via ETags, header found with file /, fields: 0x591 0x5669af30ee8f1
 +
+ The anti-clickjacking X-Frame-Options header is not present.
 +
+ The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS
 +
+ The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type
 +
+ No CGI Directories found (use '-C all' to force check all possible dirs)
 +
+ Entry '/dev_shell.php' in robots.txt returned a non-forbidden or redirect HTTP code (200)
 +
+ Entry '/lat_memo.html' in robots.txt returned a non-forbidden or redirect HTTP code (200)
 +
+ Entry '/passwords.html' in robots.txt returned a non-forbidden or redirect HTTP code (200)
 +
+ Allowed HTTP Methods: GET, HEAD, POST, OPTIONS
 +
+ OSVDB-3233: /icons/README: Apache default file found.
 +
+ /login.html: Admin login page/section found.
 +
+ 7539 requests: 0 error(s) and 10 item(s) reported on remote host
 +
+ End Time:          2018-05-24 18:19:49 (GMT-4) (11 seconds)
 +
---------------------------------------------------------------------------
 
</syntaxhighlight>
 
</syntaxhighlight>

Revision as of 06:31, 31 May 2018

Objective

Get the flag in /

Source: [VulnHub.com]

Status: [In Progress]

Methodology

Define our target

root@kali:# export TANGO=192.168.56.101

Discovery

root@kali:# nmap -O -p- -sT -sV -T5 -o nmap.txt $TANGO

PORT      STATE SERVICE VERSION
21/tcp    open  ftp     ProFTPD 1.3.5b
80/tcp    open  http    Apache httpd 2.4.25 ((Debian))
25468/tcp open  ssh     OpenSSH 7.4p1 Debian 10+deb9u2 (protocol 2.0)
MAC Address: 08:00:27:C0:CC:74 (Oracle VirtualBox virtual NIC)
Service Info: OSs: Unix, Linux; CPE: cpe:/o:linux:linux_kernel

Entry Point #1 - Port 80 (HTTP)

Enumeration

root@blaksec:~# nikto -h $TANGO
- Nikto v2.1.6
---------------------------------------------------------------------------
+ Target IP:          192.168.56.101
+ Target Hostname:    192.168.56.101
+ Target Port:        80
+ Start Time:         2018-05-24 18:19:38 (GMT-4)
---------------------------------------------------------------------------
+ Server: Apache/2.4.25 (Debian)
+ Server leaks inodes via ETags, header found with file /, fields: 0x591 0x5669af30ee8f1 
+ The anti-clickjacking X-Frame-Options header is not present.
+ The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS
+ The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type
+ No CGI Directories found (use '-C all' to force check all possible dirs)
+ Entry '/dev_shell.php' in robots.txt returned a non-forbidden or redirect HTTP code (200)
+ Entry '/lat_memo.html' in robots.txt returned a non-forbidden or redirect HTTP code (200)
+ Entry '/passwords.html' in robots.txt returned a non-forbidden or redirect HTTP code (200)
+ Allowed HTTP Methods: GET, HEAD, POST, OPTIONS 
+ OSVDB-3233: /icons/README: Apache default file found.
+ /login.html: Admin login page/section found.
+ 7539 requests: 0 error(s) and 10 item(s) reported on remote host
+ End Time:           2018-05-24 18:19:49 (GMT-4) (11 seconds)
---------------------------------------------------------------------------