Posts

Showing posts from July, 2020

[ Mr. Robot ] - TRYHACKME

Machine Name: Mr. Robot
Difficulty: Medium
Link: https://tryhackme.com/room/mrrobot

Hello guys. This machine is based on the famous web series Mr. Robot. It is a medium-difficulty machine and contains three flags, so let's try to capture all three, one by one.

Initial recon

As usual, we are going to scan the network using nmap to check which services are running on the IP address. Flags used in the nmap scan:

-sV for service version scan
-sC for scan with default NSE scripts
-oA for output in the three major formats at once

nmap -sV -sC -oA mrrobot 10.10.108.7

Only a couple of ports are open, so have a look at open port 80 in the browser. An interesting site is shown on port 80. Use gobuster to scan the whole website and its directories by typing the following command in the terminal:

gobuster -t 100 dir -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -u http://10.10.108.7/

The gobuster directory scan shows many hosted directories, and after scanning rob...

[ Blue ] - TRYHACKME

Hello guys. Today I am going to do a walkthrough of the machine called Blue. This is a very easy box based on the EternalBlue vulnerability (CVE-2017-0143).

As usual, the first thing we are going to do is scan the network with nmap to see which ports are open and which services are running on this machine. The flags used in the nmap scan are:

-sS - for a SYN scan
-sV - for a service version scan
-O - to identify the OS used
-T4 - the speed of the scan
-open - to show only the open ports

We notice that the service running on port 445 is SMB, so we can use the Nmap Scripting Engine to check whether this service is vulnerable to EternalBlue. The flags used are:

-p - to test only the port provided (in this case 445)
--script=smb-vuln-ms17-010 - the nmap script to run against our target

The output of the scan shows us that the machine is vulnerable. Metasploit already has this exploit, so let's fire it up to gain access. To start the Metasploit console, just run the command msfco...

[ Remote ] - HACKTHEBOX

Hello guys, today I will show you how to hack the Remote machine. As usual, we need some information about the services, so we need to enumerate the box.

Tool name: nmap

nmap is used for information gathering.

# Nmap 7.80 scan initiated Sat jul 18 10:21:24 2020 as: nmap -A -sV -sC -oN remote.nmap remote.htb
Nmap scan report for remote.htb (10.10.10.180)
Host is up (0.21s latency).
Not shown: 993 closed ports
PORT STATE SERVICE VERSION
21/tcp open ftp Microsoft ftpd
|_ftp-anon: Anonymous FTP login allowed (FTP code 230)
| ftp-syst:
|_ SYST: Windows_NT
80/tcp open http Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
|_http-title: Home - Acme Widgets
111/tcp open rpcbind 2-4 (RPC #100000)
| rpcinfo:
| program version port/proto service
| 100000 2,3,4 111/tcp rpcbind
| 100000 2,3,4 111/tcp6 rpcbind
| 100000 2,3,4 111/udp rpcbind
| 100000 2,3,4 111/udp6 rpcbind
| 100003 2,3 2049/udp nfs
| 1...