Disclaimer: Please try this in a safe environment; I will not hold any responsibility for any damage caused by this post.
Difficulty: Beginner
Requirements:
Kali Linux (basically you get everything you need to solve this challenge using this distro)
Some wordlist for the dictionary attack later *spoiler alert*
Some food and drinks
Some patience
As good practice when starting a penetration test, we often scan the network for live hosts / the IP range. Although we already know that the target box has a static IP address at 192.168.1.100, there is no harm in doing a simple network scan. After setting up our Kali IP address to be in the same network as the Live CD, we scan the network using netdiscover (you may use nmap as well). A series of screenshots will walk you through the whole challenge with ease.
192.168.1.100 - Target machine
192.168.1.138 - Kali machine
Let's start our reconnaissance process...
The more information = The higher chance of success!
Open ports and running services: ftp, ssh, smtp, http, pop3, imap
Note: FTP server seems to be having some problem.
Further deep scan with Nmap in aggressive mode...
Interesting results... let's head on to the website and see what other information we can get...
In the game-related web page, we can see some usernames...
Let's harvest all the usernames here; they might be of help in the attacking stage later...
We got around 10 usernames harvested from the web page alone... good job!
Let's further mutate the usernames to increase the possibilities...
With the aid of some self-made scripting, we successfully mutated the usernames into more varieties... ^_^
The next step is to attack the SSH service using a dictionary attack...
Please note that the wordlist shown in the screenshot is a much shorter, customized dictionary for demonstration purposes only. The actual time taken during my actual attack was much longer than this.
From the attack, we found the login credentials for aadams...
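From the defender's side, the dictionary attack above leaves a distinctive trail in sshd's auth log: many failures from one source, many different usernames (most of the mutated ones do not exist, so sshd logs them as "Invalid user"), and finally an accepted login. The following is an added example, not part of the original post; the log lines are constructed and the hostname, PIDs and the second source address are made up.

```python
import re
from collections import defaultdict

# Constructed sample auth.log lines modelling the SSH dictionary attack in the
# write-up: one source tries several mutated usernames; most do not exist on the
# target, so sshd logs "Invalid user" before the "Failed password" line.
SAMPLE_LOG = """\
Jan  5 10:00:01 target sshd[2301]: Invalid user a.adams from 192.168.1.138
Jan  5 10:00:01 target sshd[2301]: Failed password for invalid user a.adams from 192.168.1.138 port 40210 ssh2
Jan  5 10:00:02 target sshd[2303]: Invalid user adamsa from 192.168.1.138
Jan  5 10:00:02 target sshd[2303]: Failed password for invalid user adamsa from 192.168.1.138 port 40211 ssh2
Jan  5 10:00:03 target sshd[2305]: Failed password for aadams from 192.168.1.138 port 40212 ssh2
Jan  5 10:00:04 target sshd[2307]: Failed password for aadams from 192.168.1.138 port 40213 ssh2
Jan  5 10:00:05 target sshd[2309]: Accepted password for aadams from 192.168.1.138 port 40214 ssh2
Jan  5 10:30:00 target sshd[2400]: Failed password for bbanter from 192.168.1.50 port 51000 ssh2
Jan  5 10:45:00 target sshd[2450]: Accepted password for bbanter from 192.168.1.50 port 51001 ssh2
"""

FAILED = re.compile(r"Failed password for (invalid user )?(\S+) from (\S+) port")
ACCEPTED = re.compile(r"Accepted \w+ for (\S+) from (\S+) port")


def analyze_auth_log(text):
    """Per source IP: failed attempts, distinct usernames tried, how many of
    those were non-existent accounts, and any login accepted after failures."""
    stats = defaultdict(lambda: {"failures": 0, "users": set(),
                                 "invalid": 0, "success_after_failures": []})
    for line in text.splitlines():
        m = FAILED.search(line)
        if m:
            s = stats[m.group(3)]
            s["failures"] += 1
            s["users"].add(m.group(2))
            if m.group(1):          # "invalid user" prefix: account does not exist
                s["invalid"] += 1
            continue
        m = ACCEPTED.search(line)
        if m:
            s = stats[m.group(2)]
            if s["failures"]:       # a guess succeeded after earlier failures
                s["success_after_failures"].append(m.group(1))
    return dict(stats)


def flag_sources(stats, max_failures=3, max_users=2):
    """Sources whose failure count or username spread looks like a dictionary attack."""
    return sorted(ip for ip, s in stats.items()
                  if s["failures"] >= max_failures or len(s["users"]) > max_users)


if __name__ == "__main__":
    report = analyze_auth_log(SAMPLE_LOG)
    for ip in flag_sources(report):
        print(ip, report[ip])
```

A single mistyped password (the 192.168.1.50 entries) stays below both thresholds, while the spraying source is flagged and its eventual successful login is recorded for follow-up.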
Let's log in using the credentials we found and perform further reconnaissance for more information...
Checking out the important files: /etc/group, /etc/passwd and /etc/shadow
Next, grab the shadow content and do some cracking with the help of John the Ripper!
Password found for the root account: tarot
Next thing in the todo list is to login to the root account...
But... don't get too excited yet! Our challenge is not yet complete!
After checking the web page for hints, there is still something to fix...
Let's fix the broken FTP server...
Checking out the FTP configuration file at /etc/vsftpd.conf...
Comment out the final line as shown in the screenshot and restart the FTP service.
Next mission is to find the CEO's bank account information...
Fortunately, we can transfer the file to our local machine through the FTP server we fixed earlier... good job again!
Finding the encryption type using a custom-made script of my own and outputting the decrypted version of the secret file...
So now we got the CEO's bank account information.
p/s: Stay tuned for the rest of the series... need some time and patience for that...