Basic Pentesting
Task1 Web App Testing and Privilege Escalation
1.Deploy the machine and connect to our network
2.Find the services exposed by the machine
3.What is the name of the hidden directory on the web server(enter name without /)?
development
4.User brute-forcing to find the username & password
5.What is the username?
jan
使用enum4linux枚举用户得到
共享目录 //10.10.76.103/Anonymous
6.What is the password?
armando
7.What service do you use to access the server(answer in abbreviation in all caps)?
SSH
8.Enumerate the machine to find any vectors for privilege escalation
9.What is the name of the other user you found(all lower case)?
kay
10.If you have found another user, what can you do with this information?
john破解OpenSSH私钥密码
1.ssh2john将id_rsa转换为john可读取的模式
ssh2john id_rsa > rsacrack
2.使用rockyou.txt爆破私钥密码
john rsacrack --wordlists=%字典%
11.What is the final password you obtain?
heresareallystrongpasswordthatfollowsthepasswordpolicy$$