Basic Pentesting -2

CYBER KILL CHAIN

Reconnaissance:

The scan shows a total of 6 open ports, including the SMB port, which we can use to enumerate users.
The web port is also open, so let's open the website and look for any information.


We cannot find much information on the web page.
Let's do a directory scan using DirBuster.

We got a few directories; let's look into each of them.

As we can see, the development directory contains two files; let's open them.


Both files mention two users whose names start with the letters k and j.
Let's do some SMB enumeration with enum4linux to find the usernames.


We got two usernames: kay and jan.
The SSH port is open, so let's brute-force the password.

We found the password for user jan. Let's log in as jan.

We found the user flag, local.txt.

Under the other user, kay, we found a file called pass.bak.
I tried to open it with the cat command, but permission was denied.
So, using the find command, we look for setuid files that give us permission to open the file:
find / -perm -u=s -type f 2>/dev/null
Using the vim text editor, you can open the file.
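
A defender-side check for the condition this step relies on, as an added example that is not part of the original write-up: it classifies the output of the find command above and flags setuid editors, pagers and interpreters. The RISKY and BASELINE lists, the function names and the sample paths are constructed assumptions; adjust them per distribution.

```shell
#!/bin/sh
# Constructed deny-list: programs that can read or write arbitrary files
# (editors, pagers, interpreters, copy tools) and should never be setuid.
RISKY="vi vim vim.basic vim.tiny nano ed view less more cat cp dd find awk sed sh bash dash python python3 perl ruby tar"

# Hypothetical baseline of setuid binaries expected on a stock install.
BASELINE="passwd su sudo mount umount chsh chfn newgrp gpasswd ping"

# in_list NAME "LIST": succeed if NAME is a whole word in the space-separated LIST.
in_list() {
    case " $2 " in
        *" $1 "*) return 0 ;;
    esac
    return 1
}

# audit_suid: read one path per line on stdin and print "<LEVEL> <path>".
#   HIGH   = setuid file-access tool, remove the bit (chmod u-s)
#   OK     = in the expected baseline
#   REVIEW = unknown setuid binary, needs a manual look
audit_suid() {
    while IFS= read -r path; do
        [ -n "$path" ] || continue
        name=${path##*/}
        if in_list "$name" "$RISKY"; then
            level=HIGH
        elif in_list "$name" "$BASELINE"; then
            level=OK
        else
            level=REVIEW
        fi
        printf '%s %s\n' "$level" "$path"
    done
}

# Constructed sample standing in for real find output, so this runs offline.
sample_paths() {
    printf '%s\n' /usr/bin/passwd /usr/bin/sudo \
        /usr/bin/vim.basic /usr/local/bin/backup-helper
}

sample_paths | audit_suid
```

On a live host, replace the sample with `find / -perm -u=s -type f 2>/dev/null | audit_suid` and alert on any HIGH line.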

We found kay's password; using these credentials, we will log in as kay.

We successfully logged in to the kay account; now we need to search for privilege escalation.

Using sudo -l, we see there is no password needed to log in as admin; just use sudo su to log in as root.

Finally, we found the root flag.