Spectra is a Linux-based machine from HackTheBox that focuses on enumeration techniques, for training your ethical hacking and penetration testing skills.


Target Machine:

Attacker Machine:

Hacking Process Part 0 – Service Scanning

Quick Pre-searching

  1. nmap -p- -T5 --min-rate=1000 -oG fkclai.nmap

  2. nmap -p $(grep -Eo '[0-9]{1,5}/open' fkclai.nmap | cut -d '/' -f 1 | tr -s '\n' ',') -sC -sV -o nmap-result.txt

nmap -p $(grep -Eo '[0-9]{1,5}/open' fkclai.nmap | cut -d '/' -f 1 | tr -s '\n' ',') -sC -sV -o nmap-result.txt
Starting Nmap 7.80 ( https://nmap.org ) at 2021-05-31 22:27 HKT
Nmap scan report for
Host is up (0.23s latency).
22/tcp open ssh OpenSSH 8.1 (protocol 2.0)
| ssh-hostkey:
|_ 4096 52:47:de:5c:37:4f:29:0e:8e:1d:88:6e:f9:23:4d:5a (RSA)
80/tcp open http nginx 1.17.4
|_http-server-header: nginx/1.17.4
|_http-title: Site doesn't have a title (text/html).
3306/tcp open mysql MySQL (unauthorized)
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 17.96 seconds
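The port-list step between the two scans above, as an added example that is not part of the original write-up: a field-aware parser for Nmap's grepable (-oG) output that keeps only entries whose state is exactly `open` on TCP and emits a sorted list with no trailing comma. It goes beyond the single-host TCP case shown here by also handling mixed TCP/UDP lines; the function names `open_ports` and `sample_scan`, the address 192.0.2.10 and the sample scan data are constructed for illustration.

```shell
#!/bin/sh
# Added example: build a -p port list from Nmap grepable (-oG) output.

# Constructed -oG sample (documentation address). Besides the three open TCP
# ports it holds a filtered port and an "open|filtered" UDP port, which a
# plain '[0-9]{1,5}/open' regex would also pick up.
sample_scan() {
    printf '# Nmap 7.80 scan initiated (constructed sample)\n'
    printf 'Host: 192.0.2.10 ()\tStatus: Up\n'
    printf 'Host: 192.0.2.10 ()\tPorts: %s\tIgnored State: closed (65530)\n' \
        '22/open/tcp//ssh///, 80/open/tcp//http///, 3306/open/tcp//mysql///, 8081/filtered/tcp//blackice-icecap///, 53/open|filtered/udp//domain///'
}

# Reads -oG data from the files given as arguments, or from stdin if none.
# Prints the open TCP ports as a sorted, de-duplicated, comma-separated list.
open_ports() {
    awk -F'\t' '
        /^Host:/ {
            # -oG fields are tab-separated; find the one starting "Ports: "
            for (i = 1; i <= NF; i++) {
                if ($i !~ /^Ports: /) continue
                list = $i
                sub(/^Ports: /, "", list)
                # entries look like port/state/protocol/owner/service/...
                n = split(list, entry, ", ")
                for (j = 1; j <= n; j++) {
                    split(entry[j], f, "/")
                    if (f[2] == "open" && f[3] == "tcp") print f[1]
                }
            }
        }' "$@" | sort -un | paste -sd, -
}

printf 'open tcp ports: %s\n' "$(sample_scan | open_ports)"
```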

Enumeration strategies

According to the Nmap result, the target machine is a

Hacking Process Part 1 – Enumeration

Web Enumeration

// ** MySQL settings - You can get this info from your web host ** //
/** The name of the database for WordPress */
define( 'DB_NAME', 'dev' );
/** MySQL database username */
define( 'DB_USER', 'devtest' );
/** MySQL database password */
define( 'DB_PASSWORD', 'devteam01' );
/** MySQL hostname */
define( 'DB_HOST', 'localhost' );
/** Database Charset to use in creating database tables. */
define( 'DB_CHARSET', 'utf8' );
/** The Database Collate type. Don't change this if in doubt. */
define( 'DB_COLLATE', '' );
cat /etc/autologin/passwd