Disclaimer: All blog posts that are related to ethical hacking are used for educational purposes only.
Gaining Access
After searching for sensitive information inside the database, I decided to find the proper username, which means that I can access the server with a proper login. Next is to try to log in with the proper username and password.
Database Content Disclosure
As for this step, after executing remote shell access, I started to find the vulnerabilities by searching all sensitive data in the server's databases. Here I use mysqldump to explore all the sensitive data inside the database.
Bypass by Upload File and Remote Code Execution
In order to bypass the access, I tried to upload some modified PHP files to get access to the directory, and at the same time I also started to listen on the open port using Netcat so that I can access it from my terminal.
SQL Injection
After finding out that the target has a web application, I decided to open the IP address in the web browser. After the web page opened, the next thing that I did was to log in. The way that I did it was to type the same SQL query in the username and the password fields until I reached the next page.
How to Use Nmap for Enumerating Target
In every pentest, the first step that a pentester always takes, since it's very important, is to collect as much information as possible related to the target. In our case, we need to find which ports are open, the identity of the target, discover available hosts, and find what services they offer. Here are the steps that I did to get all the relevant information.
First, start the connection pack from Hack The Box by typing sudo openvpn (name of the downloaded connection pack), then hit enter. Wait until the connection is established.
Next, open a new tab in the terminal and type nmap -sC -sV -A 10.10.10.185, then wait until the result comes out.
The result shows us the open ports, which are:
port 80: Apache = indicates there is an open web server
port 22: OpenSSH = an SSH shell is available to connect to
and the system used is Linux, with Ubuntu as the distribution.
On this blog, I will post the process of my group's pentest from my perspective. The target that we chose is a dedicated server that is free to use for the purpose of ethical hacking, and that server is provided by htb. The machine's name is Magic, the system used is a Linux machine, and according to the website, the difficulty is medium. The tools and steps that we used are Nmap, SQL Injection (login page exploitation), Reverse-shell, Netcat, and mysqldump.