Difference between revisions of "Pinky's Palace: v1 ~ VulnHub - Walkthrough"

m (Methodology)
m (Discovery)
Line 15: Line 15:
 
</syntaxhighlight>
 
</syntaxhighlight>
  
<syntaxhighlight  lang=shell-session highlight="10,11,12" line>
+
<syntaxhighlight  lang=shell-session highlight="9,10,11" line>
 
root@kali:~# nmap -O -sT -sV -p- -T5 $TANGO
 
root@kali:~# nmap -O -sT -sV -p- -T5 $TANGO
  

Revision as of 06:34, 13 June 2018

Objective

xxxxxxxxxxxxxxxxxxxxx

Source: [xxxxxx]

Status: [In Progress]

Methodology

Discovery

Identify the target

root@kali:~# nmap -sP 192.168.56.0/24
.....
root@kali:~# export TANGO=192.168.56.104
root@kali:~# nmap -O -sT -sV -p- -T5 $TANGO

Starting Nmap 7.60 ( https://nmap.org ) at 2018-03-23 19:11 EDT
mass_dns: warning: Unable to determine any DNS servers. Reverse DNS is disabled. Try using --system-dns or specify valid servers with --dns-servers
Nmap scan report for $TANGO
Host is up (0.00098s latency).
Not shown: 65532 closed ports
PORT      STATE SERVICE    VERSION
8080/tcp  open  http       nginx 1.10.3
31337/tcp open  http-proxy Squid http proxy 3.5.23
64666/tcp open  ssh        OpenSSH 7.4p1 Debian 10+deb9u2 (protocol 2.0)
MAC Address: 08:00:27:A3:C5:2A (Oracle VirtualBox virtual NIC)
Device type: general purpose

Entry Point #1 - Port NN (XXX)

Enumeration

xxxxx


xxxxx

Exploitation

xxx xxx xxx

xxx
xxx

xxx

xxx
xxx

Final Notes

xxx

Appendix A: Vulnerability Detail and Mitigation

xxx
Rating High
Description xxxx
Impact xxxxxxxxxxxxxxxxxxxxxxxxxxxx
Remediation xxxxxxxxxxxxxxxxx