Fariz Ihsan Yazid Blog

Disclaimer: All blog posts that are related to ethical hacking are used for educational purposes only.

Gaining Access

After searching sensitive information inside the database, I decided to find the proper user name it means that I can access the server with proper login. next is to try login with the proper username and password.

Disclaimer: All blog posts that are related to ethical hacking are used for educational purposes only.

Database Content Disclosure

as for this step after executing remote shell access, I started to find the vulnerabilities by searching all sensitive data on the server’s databases in here I use MySQL dump to explore all the sensitive data inside the database

Disclaimer: All blog posts that are related to ethical hacking are used for educational purposes only.

Bypass by Upload File and Remote Code Execution

In order to bypass the access, I tried to upload some modified PHP files to get access to the directory and at the same time, I also start to listen to the open port by using Netcat thus I can access it on my terminal.

Disclaimer: All blog posts that are related to ethical hacking are used for educational purposes only.

SQL Injection

After finding out that the target has a web application then I decided to open the IP address on the web browser. after opening the web page is open the next thing that I did is to log in the way that I did is to type with the same SQL query on username and the passwords until I reach to the next page

Disclaimer: All blog posts that are related to ethical hacking are used for educational purposes only.

How to Use Nmap for Enumerating Target

In every pentest, the first step that pentester always does since it’s very important is to collect as much as possible information related to the target. In our case, we need to find which port is open, the identity of the target, discovering available host, and find what service they offer. here are the steps that I did on to get all information that is relevant.

• First, start the connection pack from Hack The Box by typing sudo openvpn (name of the downloaded connection pack) then hit enter. wait until the connection is establish
• the next step, open new tab on terminal and type nmap -sC -sV -A 10.10.10.185 wait until the result come out
• the result shows us the opening port which are
  • port 80: Apache = indicates there is open web server
  • port 22: OpenSSH = ssh shell is available to connect
• and the system that used is Linux with ubuntu as the distribution