Hack the Box-Stapler 2 Walkthrough

karthik prabhu
May 6, 2022

The goal is to perform reconnaissance, enumeration, and exploitation against this vulnerable machine to get root access and read the contents of flag.txt.

Start by scanning the network to find our target. The command for it is:

arp-scan -l

We found our target: 192.168.1.5

To scan our target IP we will use Nmap for port scanning.

nmap -sV -sC 192.168.1.5

Open ports (initial scan):

20

21-FTP (the Nmap scan shows that login with the username “anonymous” is allowed)

22-SSH

53

80-HTTP

139-SMB

666

Try an Nmap full port scan:

nmap -p- 192.168.1.5

Port 80 is open, as we can see in the Nmap output, but we can't access the webpage in the browser.

Reason: check the full port scan. Port 12380, an undefined port, is what matters for reaching the HTTPS service (normally on 443) in this case; maybe they changed the default port.

NIKTO

We’ll use Nikto for the vulnerability scans. Same here. Nothing important.

nikto -h http://192.168.1.5:12380
https://192.168.1.5:12380/robots.txt/
https://192.168.1.5:12380/blogblog/

FTP:

Now let’s try to log in to the FTP server. We’ll use “anonymous” as both the username and the password. There’s a note, which we’ll download.

To download, use “get”.

To quit, use “exit”.

Use Hydra to grab another user's credentials and establish an FTP connection:

login: elly, password: ylle

Log in using the FTP connection:

We can see some useful files…

Download the “passwd” file

Reference:

— — — — — — — — — — — — — — — — — — — — — — — — -

SSH login credentials: grab them using Hydra…

hydra -L user.txt -e nsr 192.168.1.5 ssh

Login: SHayslett, Password: SHayslett
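
Seen from the defender's side, a username-list run like the Hydra command above leaves a clear pattern in the sshd auth log: one source trying many different accounts, sometimes ending in a successful login. The following detection sketch is an added example, not part of the original walkthrough; the log lines are constructed, and the source address 192.168.1.4, the hostname and the `min_users` threshold are assumptions.

```python
import re
from collections import defaultdict

# Constructed sshd auth-log lines (not captured from the target machine).
# 192.168.1.4 as the scanning host is an assumption made for this sample.
SAMPLE_LOG = """\
May  6 10:00:01 host sshd[901]: Failed password for invalid user admin from 192.168.1.4 port 40001 ssh2
May  6 10:00:01 host sshd[902]: Failed password for elly from 192.168.1.4 port 40002 ssh2
May  6 10:00:02 host sshd[903]: Failed password for peter from 192.168.1.4 port 40003 ssh2
May  6 10:00:02 host sshd[904]: Failed password for invalid user guest from 192.168.1.4 port 40004 ssh2
May  6 10:00:03 host sshd[905]: Accepted password for SHayslett from 192.168.1.4 port 40005 ssh2
May  6 11:30:10 host sshd[950]: Failed password for peter from 192.168.1.9 port 51000 ssh2
May  6 11:30:20 host sshd[951]: Accepted password for peter from 192.168.1.9 port 51001 ssh2
"""

# Matches both failed and accepted password events, with or without "invalid user".
EVENT = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def find_sprays(log_text, min_users=4):
    """Return {ip: {"users": [...], "compromised": [...]}} for every source
    that attempted at least min_users distinct accounts (assumed threshold)."""
    tried = defaultdict(set)      # ip -> every username attempted
    accepted = defaultdict(list)  # ip -> usernames that logged in successfully
    for line in log_text.splitlines():
        m = EVENT.search(line)
        if not m:
            continue
        tried[m["ip"]].add(m["user"])
        if m["result"] == "Accepted":
            accepted[m["ip"]].append(m["user"])
    return {
        ip: {"users": sorted(users), "compromised": accepted[ip]}
        for ip, users in tried.items()
        if len(users) >= min_users
    }

if __name__ == "__main__":
    for ip, info in find_sprays(SAMPLE_LOG).items():
        print(f"{ip}: {len(info['users'])} accounts tried, "
              f"successful logins: {info['compromised'] or 'none'}")
```

A single user mistyping a password once (192.168.1.9 in the sample) stays below the threshold and is not reported.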

ls -la

Finding an exploit using the version (Linux privilege escalation 4.4.0)

Download it using the “wget” command…

To unzip the file:

unzip filename.zip

We got root access.

— — — — — — — — — — — — — — — — — — — — -

Method 2:

Using WPScan

Using MySQL:
