http://localhost:1313/categories/wiretups/ Recent content in Wiretups on Kebir Moundir Chemseddine Hugo en-us Wed, 16 Jun 2021 00:44:44 -0800 http://localhost:1313/wiretups/alfred-machine/ Wed, 16 Jun 2021 00:44:44 -0800 http://localhost:1313/wiretups/alfred-machine/ <p><strong>This guide is meant to be used as a supplement for learning, please tackle this on your own before reading this!</strong></p> <ol> <li><a href="#1" rel="">How many TCP ports are open?</a></li> <li><a href="#2" rel="">What is the username and password for the log in panel?</a></li> <li><a href="#3" rel="">Find a feature of the tool that allows you to execute commands on the underlying system.</a></li> <li><a href="#4" rel="">What is the user.txt flag?</a></li> <li><a href="#5" rel="">Switching shells</a></li> <li><a href="#6" rel="">Size of the payload</a></li> <li><a href="#7" rel="">Token Impersonation</a></li> <li><a href="#8" rel="">Output of guid command</a></li> <li><a href="#9" rel="">Migrating and finding root.txt</a></li> </ol> <!-- raw HTML omitted --> <h2 id="1-the-first-question-asks-for-the-number-of-tcp-ports-open-we-can-use-a-nmap-scan-for-this">1) The first question asks for the number of TCP ports open, we can use a nmap scan for this.</h2> <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl">nmap -vv -sC -sV -A -Pn -oN nmap.log <span class="o">{</span>target_ip_here<span class="o">}</span> </span></span></code></pre></div><p><img class="lazyload" src="http://localhost:1313/svg/loading.min.svg" data-src="https://user-images.githubusercontent.com/60508293/121830197-5854e580-cc79-11eb-9b1e-222a48c6e248.png" data-srcset="https://user-images.githubusercontent.com/60508293/121830197-5854e580-cc79-11eb-9b1e-222a48c6e248.png, https://user-images.githubusercontent.com/60508293/121830197-5854e580-cc79-11eb-9b1e-222a48c6e248.png 1.5x, https://user-images.githubusercontent.com/60508293/121830197-5854e580-cc79-11eb-9b1e-222a48c6e248.png 2x" data-sizes="auto" alt="https://user-images.githubusercontent.com/60508293/121830197-5854e580-cc79-11eb-9b1e-222a48c6e248.png" title="image" /> <img class="lazyload" src="http://localhost:1313/svg/loading.min.svg" data-src="https://user-images.githubusercontent.com/60508293/121830228-699df200-cc79-11eb-8f13-f8aff52090b5.png" data-srcset="https://user-images.githubusercontent.com/60508293/121830228-699df200-cc79-11eb-8f13-f8aff52090b5.png, https://user-images.githubusercontent.com/60508293/121830228-699df200-cc79-11eb-8f13-f8aff52090b5.png 1.5x, https://user-images.githubusercontent.com/60508293/121830228-699df200-cc79-11eb-8f13-f8aff52090b5.png 2x" data-sizes="auto" alt="https://user-images.githubusercontent.com/60508293/121830228-699df200-cc79-11eb-8f13-f8aff52090b5.png" title="image" /></p> http://localhost:1313/wiretups/doctor-machine/ Tue, 01 Dec 2020 21:57:40 +0800 http://localhost:1313/wiretups/doctor-machine/ <h1 id="doctor-linux">Doctor (Linux)</h1> <figure><a class="lightgallery" href="http://localhost:1313/wiretups/doctor-machine/pics/logo.png" title="/wiretups/doctor-machine/pics/logo.png" data-thumbnail="/wiretups/doctor-machine/pics/logo.png" data-sub-html="<h2>doctor-machine</h2>"> <img class="lazyload" src="http://localhost:1313/svg/loading.min.svg" data-src="http://localhost:1313/wiretups/doctor-machine/pics/logo.png" data-srcset="http://localhost:1313/wiretups/doctor-machine/pics/logo.png, http://localhost:1313/wiretups/doctor-machine/pics/logo.png 1.5x, http://localhost:1313/wiretups/doctor-machine/pics/logo.png 2x" data-sizes="auto" alt="/wiretups/doctor-machine/pics/logo.png" /> </a><figcaption class="image-caption">doctor-machine</figcaption> </figure> <h2 id="enumeration">Enumeration</h2> <pre tabindex="0"><code>rustscan --ulimit 5000 10.129.2.21 -- -sV -o port_scan PORT STATE SERVICE REASON VERSION 22/tcp open ssh syn-ack OpenSSH 8.2p1 Ubuntu 4ubuntu0.1 (Ubuntu Linux; protocol 2.0) 80/tcp open http syn-ack Apache httpd 2.4.41 ((Ubuntu)) Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel </code></pre><h3 id="examine-port-80---apache-server">Examine Port 80 - Apache server</h3> <p>Accessing Port 80 via the browser, reveals a website which contains information regarding services and contacts of several doctors.</p>