🐧MoneyBox

192.168.84.230

Enumeration

nmap 192.168.84.230 -p- -sV

Results :

Port 21 Enum

ftp [email protected]

Found that FTP does allow anonymous login. One file listed.

trytofind.jpg

Port 22 Enum

Banner grab.

Banner

Port 80 Enum

Landing page.

Dirbuster results.

Dirbuster Scan

Found at /blogs/index.html source code.

Found at /S3cr3t-T3xt/index.html source code.

Steganography

HAD TO GET HINT HERE

Got hint that there may be information hidden in the trytofind.jpg. Used https://futureboy.us/stegano. Use the steganography decoder along with the secret key.

Shell

Started brute forcing SSH with Hydra.

Found that there is another user named lily.

After a while had to get another hint. But did notice port 22 open internally. After going back and reviewing a video: if I had checked lily's authorized keys, I would have found that renu's key was authorized to be used by lily.


Tried connecting with lily and the id_rsa found in renu's file but it did not work.

Was able to use SSH to get from renu to lily with id_rsa in renu/.ssh/
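From the defender's side, the renu-to-lily hop above is a public key owned by one account sitting in another account's authorized_keys. The following audit is an added example, not part of the original write-up; the sample keys, the `@example` comment and the helper names are constructed for illustration, and it assumes each key pair has its `.pub` file beside it.

```python
import base64
from collections import defaultdict
from pathlib import Path

def key_blob(line):
    """Return the base64 key blob of a .pub or authorized_keys line, else None."""
    tokens = line.split()
    if not tokens or tokens[0].startswith("#"):
        return None
    # Options may precede the key type, so scan token pairs for "<type> <blob>".
    for ktype, blob in zip(tokens, tokens[1:]):
        try:
            raw = base64.b64decode(blob, validate=True)
        except ValueError:
            continue
        # A genuine blob starts with uint32 length + the same key type name.
        if raw[4:4 + int.from_bytes(raw[:4], "big")] == ktype.encode():
            return blob
    return None

def cross_account_trust(accounts):
    """accounts: {name: (pub_text, authorized_keys_text)} -> sorted (owner, trusting) pairs."""
    owners = defaultdict(set)  # key blob -> accounts holding the matching .pub
    for name, (pub, _) in accounts.items():
        for line in pub.splitlines():
            if (blob := key_blob(line)):
                owners[blob].add(name)
    return sorted({(owner, name)
                   for name, (_, auth) in accounts.items()
                   for line in auth.splitlines()
                   for owner in owners.get(key_blob(line), ())
                   if owner != name})

def load_accounts(home_root="/home"):
    """Read <home>/.ssh/*.pub and authorized_keys for every account under home_root."""
    accounts = {}
    for ssh in Path(home_root).glob("*/.ssh"):
        texts = [p.read_text(errors="replace") for p in sorted(ssh.glob("*.pub"))]
        auth = ssh / "authorized_keys"
        accounts[ssh.parent.name] = ("\n".join(texts), auth.read_text(errors="replace") if auth.is_file() else "")
    return accounts

def sample_key(ktype, body):
    """Constructed stand-in for a public key line (not a usable key)."""
    return f"{ktype} " + base64.b64encode(len(ktype).to_bytes(4, "big") + ktype.encode() + body).decode()
# Constructed sample mirroring the write-up: renu's public key is in lily's authorized_keys.
RENU, LILY = sample_key("ssh-rsa", b"renu-constructed"), sample_key("ssh-ed25519", b"lily-constructed")
SAMPLE = {"renu": (RENU + " renu@example\n", ""),
          "lily": (LILY + "\n", f'# keys\nno-pty,command="uptime now" {RENU} renu@example\n{LILY}\n')}
```

On a real host, run `cross_account_trust(load_accounts("/home"))` as root so every `.ssh` directory is readable. A private key with no `.pub` beside it is not seen; derive the public half with `ssh-keygen -y` first.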

Checked the user's sudo permissions

sudo permissions

Root

Using a privilege escalation from GTFOBins.

Root

Source: https://gtfobins.github.io/gtfobins/perl/
