Vulnerable target computer

The instructions for creating the Vagrantfile are copied from Tero Karvinen's course.

Install Vagrant and VirtualBox
apt-get install vagrant virtualbox virtualbox-dkms

Create the Vagrantfile
nano Vagrantfile

Copy/write the following configuration into it (straight ASCII quotes; the curly quotes a word processor produces are a Ruby syntax error)
Vagrant.configure("2") do |config|
  config.vm.box = "tonijaaskelainen/ms2"
  config.vm.network "private_network", :name => 'vboxnet0', :adapter => 1
end

Start Vagrant
vagrant up

Kill the process if it starts lagging
Ctrl-c

Check the target machine's IP
ip route

Homework 4. HackTheBox

The assignment text is copied from Tero Karvinen's page:
http://terokarvinen.com/2019/penetration-testing-tunkeutumistestaus-ict4tn027-3004-intensive-summer-course-2019-w21w22-5-credits

a) Low-hanging fruit. Which HackTheBox targets look the easiest? Reconnoitre the HackTheBox network, for example with a port scanner and a crawler. Follow the scope given under Rules.

These look easy:
Netmon -> I got both flags
Help
SwagShop
Luke

The HackTheBox address space and machines scanned with nmap

msf5 > db_nmap 10.10.10.0/24
[*] Nmap: Starting Nmap 7.70 ( https://nmap.org ) at 2019-05-27 06:20 UTC
[*] Nmap: Nmap scan report for 10.10.10.2
[*] Nmap: Host is up (0.027s latency).
[*] Nmap: All 1000 scanned ports on 10.10.10.2 are filtered

[*] Nmap: Nmap scan report for 10.10.10.101
[*] Nmap: Host is up (0.026s latency).
[*] Nmap: Not shown: 996 closed ports
[*] Nmap: PORT STATE SERVICE
[*] Nmap: 22/tcp open ssh
[*] Nmap: 80/tcp open http
[*] Nmap: 2222/tcp open EtherNetIP-1
[*] Nmap: 8080/tcp open http-proxy

[*] Nmap: Nmap scan report for 10.10.10.103
[*] Nmap: Host is up (0.027s latency).
[*] Nmap: Not shown: 987 filtered ports
[*] Nmap: PORT STATE SERVICE
[*] Nmap: 21/tcp open ftp
[*] Nmap: 53/tcp open domain
[*] Nmap: 80/tcp open http
[*] Nmap: 135/tcp open msrpc
[*] Nmap: 139/tcp open netbios-ssn
[*] Nmap: 389/tcp open ldap
[*] Nmap: 443/tcp open https
[*] Nmap: 445/tcp open microsoft-ds
[*] Nmap: 464/tcp open kpasswd5
[*] Nmap: 593/tcp open http-rpc-epmap
[*] Nmap: 636/tcp open ldapssl
[*] Nmap: 3268/tcp open globalcatLDAP
[*] Nmap: 3269/tcp open globalcatLDAPssl

[*] Nmap: Nmap scan report for 10.10.10.116
[*] Nmap: Host is up (0.027s latency).
[*] Nmap: All 1000 scanned ports on 10.10.10.116 are filtered

[*] Nmap: Nmap scan report for 10.10.10.120
[*] Nmap: Host is up (0.026s latency).
[*] Nmap: Not shown: 994 closed ports
[*] Nmap: PORT STATE SERVICE
[*] Nmap: 80/tcp open http
[*] Nmap: 110/tcp open pop3
[*] Nmap: 143/tcp open imap
[*] Nmap: 993/tcp open imaps
[*] Nmap: 995/tcp open pop3s
[*] Nmap: 10000/tcp open snet-sensor-mgmt

[*] Nmap: Nmap scan report for 10.10.10.121
[*] Nmap: Host is up (0.026s latency).
[*] Nmap: Not shown: 997 closed ports
[*] Nmap: PORT STATE SERVICE
[*] Nmap: 22/tcp open ssh
[*] Nmap: 80/tcp open http
[*] Nmap: 3000/tcp open ppp

[*] Nmap: Nmap scan report for 10.10.10.122
[*] Nmap: Host is up (0.027s latency).
[*] Nmap: Not shown: 998 filtered ports
[*] Nmap: PORT STATE SERVICE
[*] Nmap: 22/tcp open ssh
[*] Nmap: 80/tcp open http

[*] Nmap: Nmap scan report for 10.10.10.123
[*] Nmap: Host is up (0.026s latency).
[*] Nmap: Not shown: 993 closed ports
[*] Nmap: PORT STATE SERVICE
[*] Nmap: 21/tcp open ftp
[*] Nmap: 22/tcp open ssh
[*] Nmap: 53/tcp open domain
[*] Nmap: 80/tcp open http
[*] Nmap: 139/tcp open netbios-ssn
[*] Nmap: 443/tcp open https
[*] Nmap: 445/tcp open microsoft-ds

[*] Nmap: Nmap scan report for 10.10.10.124
[*] Nmap: Host is up (0.026s latency).
[*] Nmap: Not shown: 996 closed ports
[*] Nmap: PORT STATE SERVICE
[*] Nmap: 22/tcp open ssh
[*] Nmap: 80/tcp open http
[*] Nmap: 443/tcp open https
[*] Nmap: 8080/tcp open http-proxy

[*] Nmap: Nmap scan report for 10.10.10.125
[*] Nmap: Host is up (0.026s latency).
[*] Nmap: Not shown: 996 closed ports
[*] Nmap: PORT STATE SERVICE
[*] Nmap: 135/tcp open msrpc
[*] Nmap: 139/tcp open netbios-ssn
[*] Nmap: 445/tcp open microsoft-ds
[*] Nmap: 1433/tcp open ms-sql-s

[*] Nmap: Nmap scan report for 10.10.10.126
[*] Nmap: Host is up (0.026s latency).
[*] Nmap: Not shown: 998 filtered ports
[*] Nmap: PORT STATE SERVICE
[*] Nmap: 80/tcp open http
[*] Nmap: 443/tcp open https

[*] Nmap: Nmap scan report for 10.10.10.127
[*] Nmap: Host is up (0.026s latency).
[*] Nmap: Not shown: 997 closed ports
[*] Nmap: PORT STATE SERVICE
[*] Nmap: 22/tcp open ssh
[*] Nmap: 80/tcp open http
[*] Nmap: 443/tcp open https

[*] Nmap: Nmap scan report for 10.10.10.128
[*] Nmap: Host is up (0.027s latency).
[*] Nmap: Not shown: 998 filtered ports
[*] Nmap: PORT STATE SERVICE
[*] Nmap: 80/tcp open http
[*] Nmap: 6666/tcp open irc

[*] Nmap: Nmap scan report for 10.10.10.129
[*] Nmap: Host is up (0.026s latency).
[*] Nmap: Not shown: 998 closed ports
[*] Nmap: PORT STATE SERVICE
[*] Nmap: 22/tcp open ssh
[*] Nmap: 80/tcp open http

[*] Nmap: Nmap scan report for 10.10.10.130
[*] Nmap: Host is up (0.027s latency).
[*] Nmap: Not shown: 995 filtered ports
[*] Nmap: PORT STATE SERVICE
[*] Nmap: 80/tcp open http
[*] Nmap: 135/tcp open msrpc
[*] Nmap: 139/tcp open netbios-ssn
[*] Nmap: 445/tcp open microsoft-ds
[*] Nmap: 8080/tcp open http-proxy

[*] Nmap: Nmap scan report for 10.10.10.131
[*] Nmap: Host is up (0.16s latency).
[*] Nmap: Not shown: 996 closed ports
[*] Nmap: PORT STATE SERVICE
[*] Nmap: 21/tcp open ftp
[*] Nmap: 22/tcp open ssh
[*] Nmap: 80/tcp open http
[*] Nmap: 443/tcp open https

[*] Nmap: Nmap scan report for 10.10.10.132
[*] Nmap: Host is up (0.036s latency).
[*] Nmap: Not shown: 997 filtered ports
[*] Nmap: PORT STATE SERVICE
[*] Nmap: 135/tcp open msrpc
[*] Nmap: 445/tcp open microsoft-ds
[*] Nmap: 8080/tcp open http-proxy

[*] Nmap: Nmap scan report for 10.10.10.133
[*] Nmap: Host is up (0.026s latency).
[*] Nmap: Not shown: 998 closed ports
[*] Nmap: PORT STATE SERVICE
[*] Nmap: 22/tcp open ssh
[*] Nmap: 80/tcp open http

[*] Nmap: Nmap scan report for 10.10.10.134
[*] Nmap: Host is up (0.028s latency).
[*] Nmap: Not shown: 996 closed ports
[*] Nmap: PORT STATE SERVICE
[*] Nmap: 22/tcp open ssh
[*] Nmap: 135/tcp open msrpc
[*] Nmap: 139/tcp open netbios-ssn
[*] Nmap: 445/tcp open microsoft-ds

[*] Nmap: Nmap scan report for 10.10.10.137
[*] Nmap: Host is up (0.028s latency).
[*] Nmap: Not shown: 995 closed ports
[*] Nmap: PORT STATE SERVICE
[*] Nmap: 21/tcp open ftp
[*] Nmap: 22/tcp open ssh
[*] Nmap: 80/tcp open http
[*] Nmap: 3000/tcp open ppp
[*] Nmap: 8000/tcp open http-alt

[*] Nmap: Nmap scan report for 10.10.10.139
[*] Nmap: Host is up (0.026s latency).
[*] Nmap: Not shown: 998 filtered ports
[*] Nmap: PORT STATE SERVICE
[*] Nmap: 22/tcp open ssh
[*] Nmap: 80/tcp open http

[*] Nmap: Nmap scan report for 10.10.10.140
[*] Nmap: Host is up (0.045s latency).
[*] Nmap: Not shown: 998 closed ports
[*] Nmap: PORT STATE SERVICE
[*] Nmap: 22/tcp open ssh
[*] Nmap: 80/tcp open http

[*] Nmap: Nmap scan report for 10.10.10.152
[*] Nmap: Host is up (0.027s latency).
[*] Nmap: Not shown: 995 closed ports
[*] Nmap: PORT STATE SERVICE
[*] Nmap: 21/tcp open ftp
[*] Nmap: 80/tcp open http
[*] Nmap: 135/tcp open msrpc
[*] Nmap: 139/tcp open netbios-ssn
[*] Nmap: 445/tcp open microsoft-ds
[*] Nmap: Nmap done: 256 IP addresses (23 hosts up) scanned in 150.84 seconds
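
A scan like the one above is only useful once it is turned into an inventory: which hosts answered, which ports are open on each, and which of those exposures a defender would want an explicit justification for. The parser below is an added example written for this page, not code from the course or from Metasploit; it reads the console format that db_nmap prints, builds a per-host table, and flags a small illustrative set of ports (the REVIEW_PORTS list is my assumption, not a standard). The sample lines embedded in it are constructed in the same format as the output above, not copied from a real scan.

```python
import re
from collections import OrderedDict

# Constructed sample in the format Metasploit's db_nmap prints to the console.
# These hosts and ports are made up for the example.
SAMPLE = """\
[*] Nmap: Starting Nmap 7.70 ( https://nmap.org ) at 2019-05-27 06:20 UTC
[*] Nmap: Nmap scan report for 10.0.0.5
[*] Nmap: Host is up (0.027s latency).
[*] Nmap: All 1000 scanned ports on 10.0.0.5 are filtered
[*] Nmap: Nmap scan report for 10.0.0.7
[*] Nmap: Host is up (0.026s latency).
[*] Nmap: Not shown: 997 closed ports
[*] Nmap: PORT STATE SERVICE
[*] Nmap: 22/tcp open ssh
[*] Nmap: 80/tcp open http
[*] Nmap: 445/tcp open microsoft-ds
[*] Nmap: Nmap scan report for 10.0.0.9
[*] Nmap: Host is up (0.026s latency).
[*] Nmap: Not shown: 998 filtered ports
[*] Nmap: PORT STATE SERVICE
[*] Nmap: 21/tcp open ftp
[*] Nmap: 8080/tcp open http-proxy
[*] Nmap: Nmap done: 256 IP addresses (3 hosts up) scanned in 150.84 seconds
"""

HOST_RE = re.compile(r"Nmap scan report for (\S+)")
PORT_RE = re.compile(r"(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)")

# Ports whose exposure should be explicitly justified on a host reachable from
# untrusted networks. Illustrative assumption for this example, not a standard.
REVIEW_PORTS = {
    21: "ftp (cleartext)",
    23: "telnet (cleartext)",
    445: "smb",
    1433: "mssql",
    3389: "rdp",
}


def parse_db_nmap(text):
    """Return {host: [(port, proto, state, service), ...]} from db_nmap console output.

    A host whose ports are all filtered gets an empty list, so it still appears
    in the inventory rather than silently disappearing.
    """
    hosts = OrderedDict()
    current = None
    for raw in text.splitlines():
        # Strip the "[*] Nmap: " console prefix; plain nmap output works too.
        line = raw.split("Nmap: ", 1)[1] if "Nmap: " in raw else raw
        m = HOST_RE.search(line)
        if m:
            current = m.group(1)
            hosts[current] = []
            continue
        m = PORT_RE.match(line.strip())
        if m and current is not None:
            port, proto, state, service = m.groups()
            hosts[current].append((int(port), proto, state, service))
    return hosts


def exposure_findings(hosts):
    """List (host, port, reason) for every open port in REVIEW_PORTS."""
    findings = []
    for host, ports in hosts.items():
        for port, _proto, state, _service in ports:
            if state == "open" and port in REVIEW_PORTS:
                findings.append((host, port, REVIEW_PORTS[port]))
    return findings


def summarize(hosts):
    """One line per host: the open ports, or 'no open ports' for fully filtered hosts."""
    lines = []
    for host, ports in hosts.items():
        open_ports = [p for p, _, s, _ in ports if s == "open"]
        if open_ports:
            lines.append(f"{host}: {len(open_ports)} open: " + ", ".join(str(p) for p in open_ports))
        else:
            lines.append(f"{host}: no open ports")
    return lines


if __name__ == "__main__":
    inventory = parse_db_nmap(SAMPLE)
    for line in summarize(inventory):
        print(line)
    for host, port, reason in exposure_findings(inventory):
        print(f"review: {host}:{port} {reason}")
```

The same parser works on the scan above if its text is pasted into a file and read in place of SAMPLE; the output is the inventory a defender would compare against the expected service list for each host.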

Crawling tips: https://www.hackingarticles.in/5-ways-crawl-website/

b) Bonus: break into one of the HackTheBox target machines. You can check the web interface for hints about which machines are easy.

The report is here:
HackTheBox Netmon solution

Homework 3. More WebGoat solutions

Bypass a Path Based Access Control Scheme

Open Inspect Element, for example from the context menu of the CSRF.html element.
We are interested in the value="CSRF.html" part.

Edit that value so that it fetches the file we are interested in. In this task it is WEB-INF/spring-security.xml.
We can see that the Current Directory is /.extract/webapps/WebGoat/plugin_extracted/plugin/CSRF/lessonPlans/en
We need to get up to the WebGoat directory and fetch our file from there.
Edit the value:
value="../../../../../WEB-INF/spring-security.xml"
Press View File and we get the contents of the file
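
The lesson works because the submitted file name is joined straight onto the lesson's current directory, so the ../ sequences walk out of it. The following is an added example, not WebGoat's own code, that rebuilds that directory layout in a temporary folder and shows the flawed file read beside a hardened one: the hardened version resolves the final path and refuses to open anything whose real location is outside the base directory. The directory names mirror the Current Directory shown above; the file contents are constructed placeholders.

```python
import os
import tempfile


def build_webroot():
    """Create a throwaway tree shaped like the lesson: WebGoat/plugin_extracted/plugin/CSRF/lessonPlans/en
    plus WebGoat/WEB-INF, with placeholder file contents (constructed for the example)."""
    root = tempfile.mkdtemp(prefix="webgoat-demo-")
    lessons = os.path.join(root, "plugin_extracted", "plugin", "CSRF", "lessonPlans", "en")
    os.makedirs(lessons)
    os.makedirs(os.path.join(root, "WEB-INF"))
    with open(os.path.join(lessons, "CSRF.html"), "w") as f:
        f.write("<p>lesson plan</p>")
    with open(os.path.join(root, "WEB-INF", "spring-security.xml"), "w") as f:
        f.write("<beans/>")
    return root, lessons


def view_file_vulnerable(lessons_dir, name):
    """The flaw from the lesson: the user-supplied value is appended to the current
    directory with no check, so '../' climbs out of it."""
    with open(os.path.join(lessons_dir, name)) as f:
        return f.read()


def is_within_base(base_dir, name):
    """True only if the resolved path of base_dir/name is inside base_dir.

    realpath() collapses '..' and follows symlinks; commonpath() avoids the
    string-prefix trap where '/srv/app2' would pass a startswith('/srv/app') check.
    An absolute name makes os.path.join discard base_dir, which this also rejects.
    """
    base = os.path.realpath(base_dir)
    target = os.path.realpath(os.path.join(base, name))
    return os.path.commonpath([base, target]) == base


def view_file_hardened(lessons_dir, name):
    """Serve a file only when its real location stays inside lessons_dir."""
    if not is_within_base(lessons_dir, name):
        raise PermissionError(f"refused: {name!r} resolves outside the lesson directory")
    with open(os.path.join(os.path.realpath(lessons_dir), name)) as f:
        return f.read()


if __name__ == "__main__":
    root, lessons = build_webroot()
    traversal = "../../../../../WEB-INF/spring-security.xml"
    print("vulnerable:", view_file_vulnerable(lessons, traversal))
    try:
        view_file_hardened(lessons, traversal)
    except PermissionError as e:
        print("hardened:", e)
    print("hardened, legitimate file:", view_file_hardened(lessons, "CSRF.html"))
```

Note that the check is done on the resolved path, after every ../ and symlink has been applied, which is the property a server-side fix needs; rejecting the literal string "../" would miss encoded or symlinked variants of the same problem.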