Basic pen-testing vulnhub machine 2 Hacking

Basic pen-testing vulnhub machine 2 Hacking

By Prabhudarshan Samal

This article is about a well-illustrated write-up based on hacking activities in an educational temperament and non-abusive intent.

The techniques and resources provided by the article are totally intended for educational purposes. We do not encourage any kind of malignant or malicious activities inspired by this article

Here is the source for the vulnhub machine on which we are going to perform hacking techniques

https://www.vulnhub.com/entry/basic-pentesting-2,241/

Download this machine and install it in the virtual box you can get either torrent or zip file of it but downloading the .ova file and configuring and installing it on the oracle virtual box will be smooth sailing.

So before going to the actual core techniques and steps I wish to tell you that please set the network configuration of both the settings to NATnetwork so that the two machines can work in a LAN network and the machines using the same network is hackable.

Now we start our stages to hack it

What we tried to perform here is we search for network configuration i.e ipv4 address of the hacker machine and used the command “ifconfig”

This command gives us the ipv4 address of the system and next what we tried is we performed a ping scan using the tool Nmap and went for scanning to the entire network and got some of the hosts.

This command gives us the ipv4 address of the system and next what we tried is we performed a ping scan using the tool Nmap and went for scanning to the entire network and got some of the hosts.

After performing an aggressive scan on each of the trial and error ports we came to know that port 22 which has secure shell ssh service running it also has not achieved encryption so by searching this 10.0.2.6/ as URL on the web we get

Note: Along with the explanation of the ping command and other nmap commands the scanning and enumeration stage is also parallely going.

Now after searching in URL we get a webpage under construction but we need to see the source view so we do right click and avail the view-source option

Wait a minute seems like something is fishy in this comment line it is asking for dev tools so this is our hint we go for dirbuster to obtain the directories of such files

So we find development directory now to find it out we go for 10.0.2.6/development

So here is one potential vulnerability discovered two text files are found let us peek into them

It is the content of dev.txt

Now we going to perform gaining and maintaining access stages

  1. Gaining and Maintaining access

Enum4linux is a tool to scan the ip for getting almost the user count session user information etc it is also an information-gathering tools

So here we found the user of the machine and found the password of the given user jan using bruteforcing tool hydra then by doing so we got the user as “jan” and password as “armando”

so using the ssh and the username we got to log in into the vulnhub machine and used password “armando”

And boom it's hacked!!!!!

now the we perform various Linux commands to search for password files although we get a pass.bak file yet it's unauthorized to change read write or execute permissions but we found a .ssh script that contains encrypted key

By using the john the ripper tool we created the key into the hash and again it got transformed into a readable key “beeswax”.

Using the id and password using ssh command we got the privilege to gain access on the server now on using super user-mode we access the pass. bak

Finally, after trial and error attempts of various Linux commands we were able to access the target machine and captured the flag.txt that reads the above message.