Zerodium on s4yhii's blog https://blog.s4yhii.com/tags/zerodium/ Recent content in Zerodium on s4yhii's blog s4yhii's blog https://blog.s4yhii.com/%3Clink%20or%20path%20of%20image%20for%20opengraph,%20twitter-cards%3E https://blog.s4yhii.com/%3Clink%20or%20path%20of%20image%20for%20opengraph,%20twitter-cards%3E Hugo -- 0.155.3 en-us Sat, 28 Aug 2021 12:00:00 -0400 HackTheBox Knife https://blog.s4yhii.com/posts/2021-08-28-knife-htb/ Sat, 28 Aug 2021 12:00:00 -0400 https://blog.s4yhii.com/posts/2021-08-28-knife-htb/ <p><strong>Machine IP</strong>: 10.10.10.242</p> <p><strong>DATE</strong> : 28/08/2021</p> <h2 id="matriz-de-la-maquina">Matriz de la maquina</h2> <p>Esta matriz nos muestra las características de explotación de la maquina.</p> <p><img loading="lazy" src="https://raw.githubusercontent.com/s4yhii/s4yhii.github.io/master/assets/images/htb/knife/matrix.png"></p> <h2 id="reconocimiento">Reconocimiento</h2> <p>Primero hacemos un escaneo de puertos para saber cuales están abiertos y conocer sus servicios correspondientes</p> <h2 id="nmap">Nmap</h2> <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-console" data-lang="console"><span class="line"><span class="cl"><span class="go">┌──(j3sm0n㉿kali)-[~] </span></span></span><span class="line"><span class="cl"><span class="go">└─$ nmap -sC -sV 10.10.10.242 148 ⨯ 1 ⚙ </span></span></span><span class="line"><span class="cl"><span class="go">Starting Nmap 7.91 ( https://nmap.org ) at 2021-06-07 02:03 EDT </span></span></span><span class="line"><span class="cl"><span class="go">Nmap scan report for 10.10.10.242 </span></span></span><span class="line"><span class="cl"><span class="go">Host is up (0.11s latency). </span></span></span><span class="line"><span class="cl"><span class="go">Not shown: 998 closed ports </span></span></span><span class="line"><span class="cl"><span class="go">PORT STATE SERVICE VERSION </span></span></span><span class="line"><span class="cl"><span class="go">22/tcp open ssh OpenSSH 8.2p1 Ubuntu 4ubuntu0.2 (Ubuntu Linux; protocol 2.0) </span></span></span><span class="line"><span class="cl"><span class="go">| ssh-hostkey: </span></span></span><span class="line"><span class="cl"><span class="go">| 3072 be:54:9c:a3:67:c3:15:c3:64:71:7f:6a:53:4a:4c:21 (RSA) </span></span></span><span class="line"><span class="cl"><span class="go">| 256 bf:8a:3f:d4:06:e9:2e:87:4e:c9:7e:ab:22:0e:c0:ee (ECDSA) </span></span></span><span class="line"><span class="cl"><span class="go">|_ 256 1a:de:a1:cc:37:ce:53:bb:1b:fb:2b:0b:ad:b3:f6:84 (ED25519) </span></span></span><span class="line"><span class="cl"><span class="go">80/tcp open http Apache httpd 2.4.41 ((Ubuntu)) </span></span></span><span class="line"><span class="cl"><span class="go">|_http-server-header: Apache/2.4.41 (Ubuntu) </span></span></span><span class="line"><span class="cl"><span class="go">|_http-title: Emergent Medical Idea </span></span></span><span class="line"><span class="cl"><span class="go">Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel </span></span></span><span class="line"><span class="cl"><span class="err"> </span></span></span><span class="line"><span class="cl"><span class="go">Service detection performed. Please report any incorrect results at https://nmap.org/submit/ . </span></span></span><span class="line"><span class="cl"><span class="go">Nmap done: 1 IP address (1 host up) scanned in 23.02 seconds </span></span></span></code></pre></div><p>Como vemos tiene el puerto 80 abierto, que es el http, veremos en el navegador de que se trata y analizaremos la web</p>