seekorswim My Security Blog

WinterMute: 1

VulnHub URL: https://www.vulnhub.com/entry/wintermute-1,239/
Hostname: HOST1: straylight, HOST2: neuromancer
IP Address: HOST1: 10.183.0.211/192.168.56.102, HOST2: 192.168.56.101


Information Gathering/Recon


The IP address is obtained via DHCP at boot. In my case, the IP is 10.183.0.211.


Service Enumeration/Scanning


root@kali:~/Walkthroughs/wintermute# nmap -Pn -sT -sV -sC -A -oA wintermute-straylight -p 1-65535 10.183.0.211
Starting Nmap 7.70 ( https://nmap.org ) at 2019-05-01 13:41 EDT
Nmap scan report for straylight.homenet.dom (10.183.0.211)
Host is up (0.0014s latency).
Not shown: 65532 closed ports
PORT     STATE SERVICE            VERSION
25/tcp   open  smtp               Postfix smtpd
|_smtp-commands: straylight, PIPELINING, SIZE 10240000, VRFY, ETRN, STARTTLS, ENHANCEDSTATUSCODES, 8BITMIME, DSN, SMTPUTF8,
| ssl-cert: Subject: commonName=straylight
| Subject Alternative Name: DNS:straylight
| Not valid before: 2018-05-12T18:08:02
|_Not valid after:  2028-05-09T18:08:02
|_ssl-date: TLS randomness does not represent time
80/tcp   open  http               Apache httpd 2.4.25 ((Debian))
|_http-server-header: Apache/2.4.25 (Debian)
|_http-title: Night City
3000/tcp open  hadoop-tasktracker Apache Hadoop
| hadoop-datanode-info:
|_  Logs: submit
| hadoop-tasktracker-info:
|_  Logs: submit
| http-title: Welcome to ntopng
|_Requested resource was /lua/login.lua?referer=/
|_http-trane-info: Problem with XML parsing of /evox/about
MAC Address: 08:00:27:50:96:D9 (Oracle VirtualBox virtual NIC)
Device type: general purpose
Running: Linux 3.X|4.X
OS CPE: cpe:/o:linux:linux_kernel:3 cpe:/o:linux:linux_kernel:4
OS details: Linux 3.2 - 4.9
Network Distance: 1 hop
Service Info: Host:  straylight

TRACEROUTE
HOP RTT     ADDRESS
1   1.43 ms straylight.homenet.dom (10.183.0.211)

OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 16.91 seconds


SkyTower: 1

VulnHub URL: https://www.vulnhub.com/entry/skytower-1,96/
Hostname: SkyTower
IP Address: 10.183.0.228


Information Gathering/Recon


The IP address is obtained via DHCP at boot. In my case, the IP is 10.183.0.228.


Service Enumeration/Scanning


root@kali:~/Walkthroughs/skytower# nmap -Pn -sT -sV -sC -A -oA skytower -p 1-65535 10.183.0.228
Starting Nmap 7.70 ( https://nmap.org ) at 2019-04-26 10:06 EDT
Nmap scan report for SkyTower.homenet.dom (10.183.0.228)
Host is up (0.0012s latency).
Not shown: 65532 closed ports
PORT     STATE    SERVICE    VERSION
22/tcp   filtered ssh
80/tcp   open     http       Apache httpd 2.2.22 ((Debian))
|_http-server-header: Apache/2.2.22 (Debian)
|_http-title: Site doesn't have a title (text/html).
3128/tcp open     http-proxy Squid http proxy 3.1.20
| http-open-proxy: Potentially OPEN proxy.
|_Methods supported: GET HEAD
|_http-server-header: squid/3.1.20
|_http-title: ERROR: The requested URL could not be retrieved
MAC Address: 08:00:27:54:4A:37 (Oracle VirtualBox virtual NIC)
Device type: general purpose
Running: Linux 3.X
OS CPE: cpe:/o:linux:linux_kernel:3
OS details: Linux 3.2 - 3.10, Linux 3.2 - 3.16
Network Distance: 1 hop

TRACEROUTE
HOP RTT     ADDRESS
1   1.18 ms SkyTower.homenet.dom (10.183.0.228)

OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 21.87 seconds


VulnOS: 2

VulnHub URL: https://www.vulnhub.com/entry/vulnos-2,147/
Hostname: VulnOSv2
IP Address: 10.183.0.181


Information Gathering/Recon


The IP address is obtained via DHCP at boot. In my case, the IP is 10.183.0.181.


Service Enumeration/Scanning


root@kali:~/Walkthroughs/vulnosv2# nmap -Pn -sT -sV -A -oA vulnosv2 -p 1-65535 10.183.0.181
Starting Nmap 7.70 ( https://nmap.org ) at 2019-04-20 18:09 EDT
Nmap scan report for VulnOSv2.homenet.dom (10.183.0.181)
Host is up (0.0028s latency).
Not shown: 65532 closed ports
PORT     STATE SERVICE VERSION
22/tcp   open  ssh      OpenSSH 6.6.1p1 Ubuntu 2ubuntu2.6 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey:
|   1024 f5:4d:c8:e7:8b:c1:b2:11:95:24:fd:0e:4c:3c:3b:3b (DSA)
|   2048 ff:19:33:7a:c1:ee:b5:d0:dc:66:51:da:f0:6e:fc:48 (RSA)
|   256 ae:d7:6f:cc:ed:4a:82:8b:e8:66:a5:11:7a:11:5f:86 (ECDSA)
|_  256 71:bc:6b:7b:56:02:a4:8e:ce:1c:8e:a6:1e:3a:37:94 (ED25519)
80/tcp   open  http    Apache httpd 2.4.7 ((Ubuntu))
|_http-server-header: Apache/2.4.7 (Ubuntu)
|_http-title: VulnOSv2
6667/tcp open  irc     ngircd
MAC Address: 08:00:27:57:4F:AA (Oracle VirtualBox virtual NIC)
Device type: general purpose
Running: Linux 3.X|4.X
OS CPE: cpe:/o:linux:linux_kernel:3 cpe:/o:linux:linux_kernel:4
OS details: Linux 3.2 - 4.9
Network Distance: 1 hop
Service Info: Host: irc.example.net; OS: Linux; CPE: cpe:/o:linux:linux_kernel

TRACEROUTE
HOP RTT     ADDRESS
1   2.80 ms VulnOSv2.homenet.dom (10.183.0.181)

OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 28.07 seconds
