Spectra 10.10.10.229

Background

Spectra is a Linux base machine from HackTheBox that focuses on the enumeration technique for training your ethical hacking skills and penetration testing skills.
Target Machine: 10.10.10.239
Attacker Machine: 10.10.14.3

Hacking Process Part 0 – Service Scanning

Quick Pre-searching

  1. 1.
    nmap -p- -T5 --min-rate=1000 10.10.10.229 -oG fkclai.nmap
  2. 2.
    nmap -p $(grep -Eo '[0-9]{1,5}/open' fkclai.nmap | cut -d '/' -f 1 | tr -s '\n' ',') -sC -sV 10.10.10.229 -o nmap-result.txt
1
nmap -p $(grep -Eo '[0-9]{1,5}/open' fkclai.nmap | cut -d '/' -f 1 | tr -s '\n' ',') -sC -sV 10.10.10.229 -o nmap-result.txt
2
Starting Nmap 7.80 ( https://nmap.org ) at 2021-05-31 22:27 HKT
3
Nmap scan report for 10.10.10.229
4
Host is up (0.23s latency).
5
6
PORT STATE SERVICE VERSION
7
22/tcp open ssh OpenSSH 8.1 (protocol 2.0)
8
| ssh-hostkey:
9
|_ 4096 52:47:de:5c:37:4f:29:0e:8e:1d:88:6e:f9:23:4d:5a (RSA)
10
80/tcp open http nginx 1.17.4
11
|_http-server-header: nginx/1.17.4
12
|_http-title: Site doesn't have a title (text/html).
13
3306/tcp open mysql MySQL (unauthorized)
14
15
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
16
Nmap done: 1 IP address (1 host up) scanned in 17.96 seconds
Copied!
Enumeration strategies According to the Nmap result, the target machine is a

Hacking Process Part 1 – Enumeration

Web Enumeration

1
2
// ** MySQL settings - You can get this info from your web host ** //
3
/** The name of the database for WordPress */
4
define( 'DB_NAME', 'dev' );
5
6
/** MySQL database username */
7
define( 'DB_USER', 'devtest' );
8
9
/** MySQL database password */
10
define( 'DB_PASSWORD', 'devteam01' );
11
12
/** MySQL hostname */
13
define( 'DB_HOST', 'localhost' );
14
15
/** Database Charset to use in creating database tables. */
16
define( 'DB_CHARSET', 'utf8' );
17
18
/** The Database Collate type. Don't change this if in doubt. */
19
define( 'DB_COLLATE', '' );
20
Copied!
1
2
cat /etc/autologin/passwd
3
SummerHereWeCome!!
4
Copied!
1
Copied!