I go back to the main page and I click on the Size tab to sort the transfers. All the files seems to have the full name, email and password encrypted. When I navigate to bank.htb, I can see a login page nowįrom the gobuster reconnaissance, I found some folders. I add bank on the /etc/hosts file nano /etc/hosts We will follow the standard convention for the HTB machines, bank.htb It points to an Apache2 Ubuntu Default page. gobuster dir -u bank.htb -w /usr/share/worldlists/dirbuster/įrom the reconnaissance phase, I decide to start with port 80. I do another directory scan with a different wordlist. I use this command for the dirb common.txt wordlist gobuster dir -u bank.htb -w /usr/share/wordlists/dirb/common.txt I'm using wordlists from dirb and dirbuster, but you can download more wordlists from SecLists here Gobuster uses wordlists on Kali which are located in the /usr/share/wordlists directory. Gobuster is a directory scanner written in Go. Port 80, most often used by Hypertext Transfer Protocol (HTTP) Directory scanning Port 22, Secure Shell (SSH), secure logins, file transfers (scp, sftp) and port forwarding If you find the results a little bit too overwhelming, you can do another command to get only the open ports. A: Enable OS detection, version detection, script scanning, and traceroute I use the following command to perform an intensive scan: nmap -A -v bank.htb If you want to learn more about it, you can have a look at the documentation here. There are many commands you can use with this tool to scan the network. It uses raw IP packets to determine what hosts are available on the network, what services those hosts are offering, what operating systems they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics. Nmap is a free and open source utility for network discovery and security auditing. It is always better to spend more time on this phase to get as much information as you can. This is one of the most important parts as it will determine what you can try to exploit afterwards. The first step before exploiting a machine is to do a little bit of scanning and reconnaissance. ![]() We will use the following tools to pawn the box on a Kali Linux box: Only write-ups of retired HTB machines are allowed.īank is a relatively simple machine, however proper web enumeration is key to finding the necessary data for entry Some of them are simulating real world scenarios and some of them lean more towards a CTF style of challenge. It contains several challenges that are constantly updated. Hack The Box (HTB) is an online platform allowing you to test your penetration testing skills.
0 Comments
Leave a Reply. |