Posts

Showing posts from March 2018

Vulnhub - Pwnlab.

This machine was nice. I learnt something new: remote file inclusion. There are many examples on Google. Google it. Let's start:

    # Nmap 7.60 scan initiated Sun Feb 18 12:37:05 2018 as: nmap -sV -sC -p- -oN nmap.txt 10.0.2.23
    Nmap scan report for 10.0.2.23
    Host is up (0.00014s latency).
    Not shown: 65531 closed ports
    PORT STATE SERVICE VERSION
    80/tcp open http Apache httpd 2.4.10 ((Debian))
    |_http-server-header: Apache/2.4.10 (Debian)
    |_http-title: PwnLab Intranet Image Hosting
    111/tcp open rpcbind 2-4 (RPC #100000)
    | rpcinfo:
    | program version port/proto service
    | 100000 2,3,4 111/tcp rpcbind
    | 100000 2,3,4 111/udp rpcbind
    | 100024 1 37405/udp status
    |_ 100024 1 49755/tcp status
    3306/tcp open mysql MySQL 5.5.47-0+deb8u1
    | mysql-info:
    | Protocol: 10
    | Version: 5.5.47-0+deb8u1
    | Thread ID: 38
    | Capabilities flags: 63487
    | Some Capabilities: Support41Auth, ConnectWithDatabase, LongPassword, SupportsL...

Vulnhub - Tr0ll.

This machine was not easy. I had to have a little patience, because when you think you're going to some place, you're not. It got me trolled all the time. Let's start:

    # Nmap 7.60 scan initiated Sat Feb 24 11:50:53 2018 as: nmap -sV -sC -p- -oN nmap.txt 10.0.2.10
    Nmap scan report for 10.0.2.10
    Host is up (0.00017s latency).
    Not shown: 65532 closed ports
    PORT STATE SERVICE VERSION
    21/tcp open ftp vsftpd 3.0.2
    | ftp-anon: Anonymous FTP login allowed (FTP code 230)
    |_-rwxrwxrwx 1 1000 0 8068 Aug 09 2014 lol.pcap [NSE: writeable]
    | ftp-syst:
    | STAT:
    | FTP server status:
    | Connected to 10.0.2.21
    | Logged in as ftp
    | TYPE: ASCII
    | No session bandwidth limit
    | Session timeout in seconds is 600
    | Control connection is plain text
    | Data connections will be plain text
    | At session startup, client count was 5
    | vsFTPd 3.0.2 - secure, fast, stable
    |_End of status
    22/tcp open ssh OpenSSH 6.6.1p1 Ubuntu 2...

Vulnhub - Bob1.

This machine was cool, it was hard. It took many hours to solve this. Let's start:

    # Nmap 7.60 scan initiated Fri Mar 16 20:11:28 2018 as: nmap -sV -sC -p- -oN nmap.txt 10.0.2.31
    Nmap scan report for 10.0.2.31
    Host is up (0.00014s latency).
    Not shown: 65532 closed ports
    PORT STATE SERVICE VERSION
    21/tcp open ftp ProFTPD 1.3.5b
    80/tcp open http Apache httpd 2.4.25 ((Debian))
    | http-robots.txt: 4 disallowed entries
    | /login.php /dev_shell.php /lat_memo.html
    |_/passwords.html
    |_http-server-header: Apache/2.4.25 (Debian)
    |_http-title: Site doesn't have a title (text/html).
    25468/tcp open ssh OpenSSH 7.4p1 Debian 10+deb9u2 (protocol 2.0)
    | ssh-hostkey:
    | 2048 84:f2:f8:e5:ed:3e:14:f3:93:d4:1e:4c:41:3b:a2:a9 (RSA)
    | 256 5b:98:c7:4f:84:6e:fd:56:6a:35:16:83:aa:9c:ea:f8 (ECDSA)
    |_ 256 39:16:56:fb:4e:0f:50:85:40:d3:53:22:41:43:38:15 (EdDSA)
    MAC Address: 08:00:27:C0:CC:74 (Oracle VirtualBox virtual NIC)
    Service Info: OSs: Unix, Linux; CPE: cpe:/o:linux:l...

Vulnhub - Covfefe.

This VM is cool. They always are. Let's start:

    # Nmap 7.60 scan initiated Tue Feb 20 16:04:52 2018 as: nmap -sV -sC -p- -oN nmap.txt 10.0.2.24
    Nmap scan report for 10.0.2.24
    Host is up (0.00021s latency).
    Not shown: 65532 closed ports
    PORT STATE SERVICE VERSION
    22/tcp open ssh OpenSSH 7.4p1 Debian 10 (protocol 2.0)
    | ssh-hostkey:
    | 2048 d0:6a:10:e0:fb:63:22:be:09:96:0b:71:6a:60:ad:1a (RSA)
    | 256 ac:2c:11:1e:e2:d6:26:ea:58:c4:3e:2d:3e:1e:dd:96 (ECDSA)
    |_ 256 13:b3:db:c5:af:62:c2:b1:60:7d:2f:48:ef:c3:13:fc (EdDSA)
    80/tcp open http nginx 1.10.3
    |_http-server-header: nginx/1.10.3
    |_http-title: Welcome to nginx!
    31337/tcp open http Werkzeug httpd 0.11.15 (Python 3.5.3)
    | http-robots.txt: 3 disallowed entries
    |_/.bashrc /.profile /taxes
    |_http-server-header: Werkzeug/0.11.15 Python/3.5.3
    |_http-title: 404 Not Found
    MAC Address: 08:00:27:EC:98:F3 (Oracle VirtualBox virtual NIC)
    Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
    Service detection pe...