Popcorn – HacktheBox

Work in Progress

START

Port scan to identify open ports

[root:~/Desktop/popcorn]# nmap -p- 10.10.10.6 -oA ports
Starting Nmap 7.70 ( https://nmap.org ) at 2018-04-11 12:25 BST
Nmap scan report for 10.10.10.6
Host is up, received timestamp-reply ttl 63 (0.029s latency).
Not shown: 65488 closed ports, 45 filtered ports 
Reason: 65488 resets and 45 no-responses
Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
PORT STATE SERVICE REASON 
22/tcp open ssh syn-ack ttl 63 
80/tcp open http syn-ack ttl 63
 
Nmap done: 1 IP address (1 host up) scanned in 13.16 seconds

Port 22 and 80 open – now for detailed scan

nmap -sC -sV -p22,80 -oA detailedportscan 10.10.10.6
Starting Nmap 7.70 ( https://nmap.org ) at 2018-04-11 12:32 BST
Nmap scan report for 10.10.10.6 
Host is up, received reset ttl 63 (0.041s latency).
 
PORT STATE SERVICE REASON VERSION
22/tcp open ssh syn-ack ttl 63 OpenSSH 5.1p1 Debian 6ubuntu2 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey: 
| 1024 3e:c8:1b:15:21:15:50:ec:6e:63:bc:c5:6b:80:7b:38 (DSA)
|_ 2048 aa:1f:79:21:b8:42:f4:8a:38:bd:b8:05:ef:1a:07:4d (RSA)
80/tcp open http syn-ack ttl 63 Apache httpd 2.2.12 ((Ubuntu))
|_http-server-header: Apache/2.2.12 (Ubuntu) 
|_http-title: Site doesn't have a title (text/html).
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel 
 
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 7.86 seconds

Looks like an  old version of ssh – normally I see 7.2 on there. Lets take a quick peak at what directories there are

[root:~/dirsearch]# ./dirsearch.py -u 10.10.10.6 -e php (master)

_|. _ _ _ _ _ _|_ v0.3.8
(_||| _) (/_(_|| (_| )

Extensions: php | Threads: 10 | Wordlist size: 5961

Error Log: /root/dirsearch/logs/errors-18-04-11_12-37-28.log

Target: 10.10.10.6

[12:37:28] Starting: 
[12:37:29] 403 - 289B - /.ht_wsr.txt
[12:37:29] 403 - 282B - /.hta
[12:37:29] 403 - 291B - /.htaccess-dev
[12:37:29] 403 - 293B - /.htaccess-local
[12:37:29] 403 - 293B - /.htaccess-marco
[12:37:29] 403 - 291B - /.htaccess.BAK
[12:37:29] 403 - 292B - /.htaccess.bak1
[12:37:29] 403 - 291B - /.htaccess.old
[12:37:29] 403 - 292B - /.htaccess.orig
[12:37:29] 403 - 294B - /.htaccess.sample
[12:37:29] 403 - 292B - /.htaccess.save
[12:37:29] 403 - 291B - /.htaccess.txt
[12:37:29] 403 - 293B - /.htaccess_extra
[12:37:29] 403 - 292B - /.htaccess_orig
[12:37:29] 403 - 290B - /.htaccess_sc
[12:37:29] 403 - 290B - /.htaccessBAK
[12:37:29] 403 - 290B - /.htaccessOLD
[12:37:29] 403 - 291B - /.htaccessOLD2
[12:37:29] 403 - 288B - /.htaccess~
[12:37:29] 403 - 286B - /.htgroup
[12:37:29] 403 - 291B - /.htpasswd-old
[12:37:29] 403 - 292B - /.htpasswd_test
[12:37:29] 403 - 288B - /.htpasswds
[12:37:29] 403 - 286B - /.htusers
[12:37:36] 403 - 286B - /cgi-bin/
[12:37:38] 403 - 282B - /doc/
[12:37:38] 403 - 297B - /doc/en/changes.html
[12:37:38] 403 - 296B - /doc/stable.version
[12:37:40] 200 - 177B - /index
[12:37:40] 200 - 177B - /index.html
[12:37:47] 200 - 48KB - /test
[12:37:47] 200 - 47KB - /test.php
[12:37:47] 200 - 48KB - /test/
[12:37:55] 403 - 291B - /server-status
[12:37:55] 403 - 292B - /server-status/

Task Completed
[root:~/dirsearch]#

Nothing really revealing after browsing the webpages. It revealed the version of php thats running on the server and the OS

PHP Version 5.2.10-2ubuntu6.10

 

rowbot

Share

Leave a Reply

Your email address will not be published. Required fields are marked *

Post comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.