2 November 2019
Today I am starting to write first blog post.I decided to write my pwned machines from vulnhub site. I also release writeups of hackthebox machines in my github page.You can go here:Github
The machine level is beginner.So I pwned that in a short time.First of all I used these tools;
I need to find target machine ip So I used
netdiscover tool.I started to scan my network.
Network adapter was in briged mode by the way.And I detected target ip :
I started nmap scanning after I found target ip normally.there is open 2 common port.
But I saw some info when I used
sC flag.The flag everytime work for me.
You can see there is have a domain name and the site is wordpress site.
I added the ip address to
I went to index page .Actually I went to look source codes of page ,I did but forget take screenshot :D
I always use wpscan scanning for find users .I did again and I got some username .I got my note the usernames Maybe it gonna work
The clue actually was in the machine page. Its author gave us for save our time. If read machine page You can see how many time saved.
Honestly I new learnt that.we can do password attack with wpscan.It was very useful.
I used like that :
wpscan --url http://wordy -U user.txt -P password.txt
I logon with the creds.And I went to admin page.The point was that I just stuck.
Actually I had some suspicions about
activity monitor part but I wasn’t sure.
So I looked google for be sure.
Googling didn’t work for me but I decided to try my chance on one of my favorite tools.
Searchsploit is very useful tool.I found some exploits and selected one of them.
But I was need to manage some parts of it like everytime.I run it and I got reverse shell.
I checked my rights .Of course I got connection as
But I was a file named ‘things-to-do.txt’ When I went to
/home/mark/stuff directory and read that.
There was have some creds.Of course I could try to connect with ssh but didnt try .
I continued with
I did first thing for privilege escalation when I connected a machine.
it is very usefull and simple way :
sudo -l. it show you that: explainshell
I found a bash script .I opened the script and add my line on last line.
I run it and I was be
jens user. I did same thing before last step.And I saw
nmap .First of all I tried
nmap --interactive but didnt work.
I thought for a couple of mins and I remember
nmap scripting .I haven’t been used that before but this time worked.
root user and I went to root directory but didnt seens my lines .I dont know why .
It was easy but I learnt very usefull informations ,sometimes I saw first time somethings but it was little bit long . Have a good hacks .See you next machines :)