However, my explanations might be a bit basic and/or inaccurate.

Using ssh to connect to the Kali machine was my first challenge. Alex showed me how to use the -i to give it the file path to the key we were given (it was in my downloads folder). Then the rest is the username at the IP address of our Kali machine (both given in our control panel on the competition website).

```
ssh -i Downloads/metasploit_ctf_kali_ssh_key.pem
```

I used nmap from the Kali machine to get an initial list of open ports, then I asked for help to do a more exhaustive search. Last time we missed some ports (apparently we missed one this time too!), so we tried them all with -p. Then I went through each port and did a deeper scan for more information. The command would have done multiple ports at a time, but I didn’t know how long that might take so I mostly stuck with one at a time.

```
|_http-server-header: SimpleHTTP/0.6 Python/3.8.5
ĩ009/tcp open ssh OpenSSH 7.6p1 Ubuntu 4ubuntu0.3 (Ubuntu Linux protocol 2.0)
Service Info: OS: Linux CPE: cpe:/o:linux:linux_kernel
```

Then I needed to use ssh tunnelling to access the websites on the ports. Alex set up the tunnel for me last time, but this time I wanted to learn how to run it myself. I tried to figure it out on my own, but it is so confusing! When I looked up information I couldn’t even figure out which machine was which.

There are three machines in the ssh tunnel process.

client/local – Your computer, the one on your desk.
ssh server – The Kali Linux box that was provided, the one I ssh-ed into initially.
target/destination – The Ubuntu box that we are hacking.

The reason the tunnel is necessary is because the Kali machine can access the Ubuntu box we are hacking, but our local computer can’t. This command needs to be run from the local computer, not the Kali box (I’m still learning).

```
ssh -L 8080:172.15.22.21:80 -i Downloads/metasploit_ctf_kali_ssh_key.pem
```

The first part of the command is -L which means local tunneling, then there is the port we are setting up on our local computer (8080), next is the address of the target machine and the port we want on the target machine (80). Then we need the ssh key again to access the Kali box which has the username and address at the end of the command.

Now we can use a web browser and type localhost:8080 into the URL and it will connect to the port specified on the hackable Ubuntu box (in this case port 80) where we found the first flag sitting there on a webpage.

Alex tried it as a proxy, but couldn’t get it to work. He was doubtful that it was actually a socks5 (nmap often returns what is ‘usually’ on a port if it can’t tell).

1337 Text Interaction – 9 of Clubs

This was not a website, so Alex taught me how to connect directly using Netcat. (Apparently it actually was a socks5 proxy)
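
The `-L` tunnel from this post, generalized to several target ports in one ssh session, as an added example that is not part of the original post. The helper names `valid_port` and `build_tunnel`, the key path `key.pem` and `user@kali-box` are placeholders; the target address and ports 80 and 1337 are the ones mentioned in the post. It only prints the command, and each forward is bound to 127.0.0.1 so that only the client itself can use the tunnel.

```shell
#!/bin/sh
# Added example. Roles: client = your own computer (runs the command),
# ssh server = the Kali jump box, target = the box only Kali can reach.

# valid_port PORT -> succeeds if PORT is an integer in 1..65535
valid_port() {
    case "$1" in
        ''|0*|*[!0-9]*) return 1 ;;   # empty, leading zero, or non-digit
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# build_tunnel KEY JUMP TARGET LOCAL_BASE PORT...
# Prints one ssh command that maps each PORT on TARGET to a local port,
# starting at LOCAL_BASE and counting up by one per forward.
build_tunnel() {
    key=$1 jump=$2 target=$3 lport=$4
    shift 4
    [ "$#" -ge 1 ] || { echo "need at least one target port" >&2; return 1; }
    cmd="ssh -N -i $key"              # -N: forward only, no remote shell
    for rport in "$@"; do
        valid_port "$rport" || { echo "bad target port: $rport" >&2; return 1; }
        valid_port "$lport" || { echo "bad local port: $lport" >&2; return 1; }
        # bind_address:local_port:target_host:target_port
        cmd="$cmd -L 127.0.0.1:$lport:$target:$rport"
        lport=$((lport + 1))
    done
    # user@host of the jump box goes last, as in the post's command
    printf '%s %s\n' "$cmd" "$jump"
}

# key.pem and user@kali-box are placeholders, not values from the post.
build_tunnel key.pem user@kali-box 172.15.22.21 8080 80 1337
```

With the printed command running on the client, `localhost:8080` reaches port 80 on the target and `localhost:8081` reaches port 1337.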