Spectra 10.10.10.229

Background

Spectra is a Linux base machine from HackTheBox that focuses on the enumeration technique for training your ethical hacking skills and penetration testing skills.

130n@calvinlai.com

Target Machine: 10.10.10.239

Attacker Machine: 10.10.14.3

Hacking Process Part 0 – Service Scanning

Quick Pre-searching

1. nmap -p- -T5 --min-rate=1000 10.10.10.229 -oG fkclai.nmap

2. nmap -p $(grep -Eo '[0-9]{1,5}/open' fkclai.nmap | cut -d '/' -f 1 | tr -s '\n' ',') -sC -sV 10.10.10.229 -o nmap-result.txt

nmap -p $(grep -Eo '[0-9]{1,5}/open' fkclai.nmap | cut -d '/' -f 1 | tr -s '\n' ',') -sC -sV 10.10.10.229 -o nmap-result.txt
Starting Nmap 7.80 ( https://nmap.org ) at 2021-05-31 22:27 HKT
Nmap scan report for 10.10.10.229
Host is up (0.23s latency).

PORT     STATE SERVICE VERSION
22/tcp   open  ssh     OpenSSH 8.1 (protocol 2.0)
| ssh-hostkey: 
|_  4096 52:47:de:5c:37:4f:29:0e:8e:1d:88:6e:f9:23:4d:5a (RSA)
80/tcp   open  http    nginx 1.17.4
|_http-server-header: nginx/1.17.4
|_http-title: Site doesn't have a title (text/html).
3306/tcp open  mysql   MySQL (unauthorized)

Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 17.96 seconds

Enumeration strategies According to the Nmap result, the target machine is a

Hacking Process Part 1 – Enumeration

Web Enumeration

// ** MySQL settings - You can get this info from your web host ** //
/** The name of the database for WordPress */
define( 'DB_NAME', 'dev' );

/** MySQL database username */
define( 'DB_USER', 'devtest' );

/** MySQL database password */
define( 'DB_PASSWORD', 'devteam01' );

/** MySQL hostname */
define( 'DB_HOST', 'localhost' );

/** Database Charset to use in creating database tables. */
define( 'DB_CHARSET', 'utf8' );

/** The Database Collate type. Don't change this if in doubt. */
define( 'DB_COLLATE', '' );

cat /etc/autologin/passwd
SummerHereWeCome!!