Basic Pentesting -2
CYBER KILL CHAIN
Reconnaissance:
We found a total of 6 open ports, including the SMB port, which we can use to enumerate users.
The web port is also open, so let's open the website to look for any information.
We cannot find much information on the web page.
Let's do a directory scan using DirBuster.
We got a few directories; let's go into each of them.
As we can see, there are two files in the development directory; let's open them.
From both files, there are two users, starting with the letters k and j.
Let's do some SMB enumeration using enum4linux to find out the usernames.
We got two usernames: kay and jan.
The SSH port is open, so let's brute-force the password.
We found the password for user jan. Let's log in as jan.
We found the user flag, local.txt.
Under the other user, kay, we found a file called pass.bak.
I tried to open it with the cat command, but permission was denied.
So, using the find command, we can see the permissions to open the file:
find / -perm -u=s -type f 2>/dev/null
Using the vim text editor, you can open the file.
We found kay's password. Using these credentials, we will log in as kay.
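The same find test can be turned into a defender's audit. The script below is an added example, not part of the original write-up: it lists set-uid files and flags editors, pagers and interpreters, which read files with the owner's rights and should not carry the bit. The deny-list and the function names suid_audit and count_risky are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit set-uid files and flag file-reading tools among them.
# Deny-list is an assumption for illustration; extend it for your own hosts.
RISKY_SUID_NAMES="vim vi vim.basic vim.tiny nano ed less more cp find awk perl python python3 bash sh"

# suid_audit ROOT
# Prints "<FLAG> <mode> <owner> <path>" for every set-uid regular file.
# FLAG is RISKY when the basename is on the deny-list, otherwise REVIEW.
suid_audit() {
    root=${1:-/}
    # Same test as the write-up's find command; -xdev stays on one filesystem.
    find "$root" -xdev -perm -u=s -type f 2>/dev/null |
    while IFS= read -r path; do
        name=$(basename "$path")
        flag=REVIEW
        for risky in $RISKY_SUID_NAMES; do
            if [ "$name" = "$risky" ]; then
                flag=RISKY
                break
            fi
        done
        # Mode string and owner come from ls, so this works without GNU stat.
        meta=$(ls -ld "$path" | awk '{print $1, $3}')
        printf '%s %s %s\n' "$flag" "$meta" "$path"
    done
}

# count_risky ROOT: number of RISKY findings, usable as a cron or CI gate.
count_risky() {
    # grep -c exits 1 on zero matches; keep the "0" and succeed anyway.
    suid_audit "$1" | grep -c '^RISKY ' || true
}

# When run as a script with an argument, audit that directory tree.
if [ "$#" -gt 0 ]; then
    suid_audit "$1"
fi
```

A RISKY line is fixed by removing the bit (chmod u-s on the reported path); REVIEW lines are the set-uid files to compare against the distribution's expected set.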
We successfully logged in to the kay account; now we need to search for privilege escalation.
Using sudo -l, we see there is no password needed to log in as admin; just use sudo su to log in as root.
Finally, we found the root flag.