Writeup Guidelines

You are welcome to post your write-ups for retired Machines here!

To keep a uniformity on the write-ups, use the following style guide:

• Discussion Title: {Machine} write-up by {username}
• Title each phase with an H2 tag (##)
• Title each step of a phase with an H3 tag(###)
• Enclose all commands and code in a code block (~~~)
• Use external links for used exploits
• Tag the post properly, eg. {machine},writeups,etc.

Sample:

Enumeration

We start by enumerating open ports and then drill down to each service for more information

Nmap Scan

[[email protected] ~]# nmap 10.10.10.123
Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2017-09-11 15:42 EST
Interesting ports on 10.10.10.123:
Not shown: 1674 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
80/tcp   open  http
111/tcp  open  rpcbind
957/tcp  open  unknown
3306/tcp open  mysql
8888/tcp open  sun-answerbook
MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems)
Nmap finished: 1 IP address (1 host up) scanned in 0.415 seconds

Seems that we have a web server. Lets dirb it!

Dirb

[[email protected] ~]#dirb http://10.10.10.123/
-----------------
DIRB v1.9
By The Dark Raver
-----------------
START_TIME: Mon Jul  9 23:13:16 2007
URL_BASE: http://10.10.10.123/
WORDLIST_FILES: wordlists/common.txt
SERVER_BANNER: lighttpd/1.4.15
NOT_EXISTANT_CODE: 404 [NOT FOUND]
(Location: '' - Size: 345)

-----------------

Generating Wordlist...
Generated Words: 839

---- Scanning URL: http://10.10.10.123/ ----
FOUND: http://10.10.10.123/phpmyadmin/       (***) DIRECTORY (*)

Exploitation

Blah blah blah...